Xiaomi phones have serious security flaws!
Cybercrime experts from Check Point Research (CPR) have discovered a flaw in some Xiaomi phones. It could have cost users a lot of money, potentially all of it. Luckily, Xiaomi reacted quite quickly.
CPR experts have discovered a flaw in the mobile payment mechanism of the Chinese brand’s devices. They say that hackers could have exploited it to sign fake payments and thus steal hard-earned money from the owners of these smartphones.
About the Flaw
The vulnerabilities were discovered in Xiaomi’s trusted environment, which stores and manages sensitive information belonging to the phone’s owner, such as passwords or security keys. The CPR team was able to prove this by hacking WeChat Pay and implementing a fully functional proof of concept. According to the CPR report, there are two ways for hackers to steal people’s money.
The first is to get the victim to install malware. With this software, an attacker can extract keys and thus send fake payment packages. The second way is to steal or modify the device itself. It involves rooting the smartphone, downgrading the trusted environment and executing code that creates a fake payment package without an application. Whichever method is used, the condition is the same: the device must be running on a MediaTek processor.
Xiaomi’s reaction
A CPR security researcher by the name of Slava Makkaveev said that they quickly informed Xiaomi of their discovery and that the company “worked quickly to release a fix”. It was the least the company could do given the stakes.
Makkaveev added that users should constantly ensure that their smartphones are updated to the latest version provided by the phone manufacturer. He went on to say that “if even mobile payments weren’t secure, then what is?”. Indeed, mobile payment systems are sensitive, and they are major targets for cybercriminals. Separately, Fortune Business says the mobile payments market is expected to reach $11.83 trillion in 2028.