Thursday, July 14, 2016


Millions Of Xiaomi Smartphones Vulnerable To MitM Attacks – IBM

Xiaomi smartphones are at risk of Man-in-the-Middle (MitM) attacks thanks to a remote code execution vulnerability. Researchers discovered this critical vulnerability and reported it to Xiaomi earlier this year, and the company has now patched the flaws. Attackers could have exploited the vulnerability to gain complete control of affected handsets.


IBM discovers critical bugs in Xiaomi MIUI OS

Xiaomi is the world’s third-largest smartphone manufacturer, having sold over 70 million devices last year alone. Millions of these devices could be vulnerable to a severe remote code execution (RCE) flaw that grants attackers complete control of the affected devices. This vulnerability exists in the company’s implementation of the Android operating system. MIUI, a custom flavor based on Android 6.0 Marshmallow, ships with Xiaomi’s devices and can also be flashed on devices sold by other vendors.

Discovered by IBM X-Force researcher David Kaplan, this flaw potentially allows attackers with privileged network access (e.g. on public WiFi) to install malware remotely on the affected devices. The vulnerability was present in the analytics packages that exist in various applications shipping with MIUI. All of these apps in the MIUI Developer ROM version 6.1.8, including the built-in browser app, are vulnerable to remote code execution via man-in-the-middle attacks.

These apps offer different capabilities and privileges, researchers warned. Vulnerable apps could be abused to provide ROM updates remotely, enabling apps to run with the privileges of their host app. These updates are performed over an insecure HTTP link instead of HTTPS, which opens the door to MitM attacks. “If a vulnerable application was found to be running as the system user, a good portion of the Android’s user space would be compromised,” Kaplan said.
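
The check an update path needs in order to resist the attack described above, as an added example (not Xiaomi's or IBM's code): the client refuses any update that did not arrive over HTTPS and verifies the package signature against a pinned vendor key before using it. The class name `UpdateGate`, the `accept` method, the URLs and the generated key pair are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added example: hypothetical update gate, not code from MIUI or its analytics package.
public class UpdateGate {

    /** Accept an update only if it came over HTTPS and its signature verifies under the pinned key. */
    static boolean accept(URI source, byte[] pkg, byte[] sig, PublicKey pinned)
            throws GeneralSecurityException {
        // Transport check: a plain-HTTP response can be rewritten by anyone on the network path.
        if (!"https".equalsIgnoreCase(source.getScheme())) {
            return false;
        }
        // Integrity check: holds even if the transport or the server is compromised,
        // because only the holder of the vendor's private key can produce a valid signature.
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(pinned);
        verifier.update(pkg);
        try {
            return verifier.verify(sig);
        } catch (SignatureException malformed) {
            return false; // a badly encoded signature is treated as a failed check
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the vendor's release key (assumption).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair vendor = gen.generateKeyPair();

        // Constructed payloads: the genuine package and one substituted in transit.
        byte[] pkg = "constructed update payload".getBytes(StandardCharsets.UTF_8);
        byte[] swapped = "payload replaced in transit".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(vendor.getPrivate());
        signer.update(pkg);
        byte[] sig = signer.sign();

        URI https = URI.create("https://updates.example.invalid/pkg.apk");
        URI http = URI.create("http://updates.example.invalid/pkg.apk");

        System.out.println("https, valid signature: " + accept(https, pkg, sig, vendor.getPublic()));
        System.out.println("https, swapped payload: " + accept(https, swapped, sig, vendor.getPublic()));
        System.out.println("http, valid signature:  " + accept(http, pkg, sig, vendor.getPublic()));
    }
}
```

Only the first case is accepted; the swapped payload fails signature verification and the plain-HTTP source is rejected before any verification is attempted.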

IBM informed Xiaomi of this vulnerability in January, and the company has now patched it. Xiaomi has started sending over-the-air updates to its devices worldwide. Users are advised to update to MIUI Global Stable version 7.2 based on Android 6.0 as soon as it becomes available to get these critical fixes.


Source:  WCCF Tech
