Xiaomi’s Security app wasn’t as secure as you might have thought
One of Xiaomi’s most feature-packed pre-installed apps is Security. That’s where you will find the virus scanner, RAM cleaner and even the Game Turbo feature. However, according to Check Point Research, Xiaomi’s pre-installed Security app has a pretty glaring security flaw.
The Security app receives its updates over an unsecured HTTP connection. Malicious individuals could intercept the unsecured network traffic via a Man-in-the-Middle (MiTM) attack and inject malware via the update process of the third-party SDKs. However, the hacker will have to be on the same WiFi network as their victims for this to work.
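As an added illustration (not Xiaomi's or Check Point's code), here is the kind of gate an updater can apply before installing anything it downloads: refuse cleartext URLs and check the payload against a digest from a trusted manifest. The function names, the `updates.example` host and the sample payloads are hypothetical and constructed for this example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


class UpdateRejected(Exception):
    """Raised when an update must not be installed."""


def require_https(url: str) -> None:
    # Cleartext HTTP lets anyone on the same Wi-Fi rewrite the response.
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise UpdateRejected(f"cleartext or malformed update URL: {url}")


def accept_update(manifest_url: str, payload_url: str,
                  pinned_sha256: str, payload: bytes) -> bytes:
    """Return payload only if transport and integrity checks both pass."""
    # Assumption: pinned_sha256 came from a manifest fetched over validated TLS.
    require_https(manifest_url)
    require_https(payload_url)
    actual = hashlib.sha256(payload).hexdigest()
    # compare_digest avoids leaking the match position through timing.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UpdateRejected("payload digest does not match manifest")
    return payload


def check(manifest_url, payload_url, pinned, payload) -> str:
    """Convenience wrapper returning 'accepted' or the rejection reason."""
    try:
        accept_update(manifest_url, payload_url, pinned, payload)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected: {exc}"


# Constructed sample data (not taken from the affected app).
GENUINE = b"sdk-update-v2 (constructed sample payload)"
TAMPERED = GENUINE + b" + bytes injected in transit"
PINNED = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    M = "https://updates.example/manifest.json"
    print(check(M, "https://updates.example/sdk.bin", PINNED, GENUINE))
    print(check(M, "http://updates.example/sdk.bin", PINNED, GENUINE))
    print(check(M, "https://updates.example/sdk.bin", PINNED, TAMPERED))
```

The digest check only helps if the manifest itself arrives over a channel the attacker cannot rewrite; a manifest fetched over HTTP can be altered together with the payload.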
According to Check Point Research, Xiaomi’s implementation of multiple SDKs into the Security app may result in critical vulnerabilities because of how one problematic SDK can compromise the other’s security. As the Security app is pre-installed on every Xiaomi device, this vulnerability would have affected millions of Xiaomi users worldwide.
Luckily, Xiaomi patched the vulnerability shortly after Check Point disclosed the issue to them. So if your phone has been updated, you should be just fine.
Pokdepinion: I don’t even use the security scan on my phone…