Chinese smartphone manufacturer Xiaomiis facing a security vulnerability that affects many devices. In the mobile payment of the company, which has attracted attention with its important models recently, security bug turned out to be. This vulnerability can cost users their money. Here are the details!
CPR cybersecurity experts find vulnerabilities in some Xiaomi phones
Mobile payment is a very common form of payment nowadays. For convenience, we make mobile payments on a daily basis, leaving aside various uncertainties and doubts. However From Check Point Research (CPR) Cybersecurity experts found vulnerabilities in some Xiaomi phones.
Experts exploit this vulnerability in the mobile payment mechanism of devices for threat actors to sign fraudulent payments and steal users’ money. Checkpoint Security Researcher Slava Makkaveevmade a statement on the subject. “We discovered a number of vulnerabilities that could allow forgery of payment packages or direct deactivation of the payment system from an unprivileged Android application.” said.
Interest in Xiaomi Mix Fold 2 is great! big success in 5 minutes
Xiaomi recently announced that the Mix Fold 2 model, which went on sale in China for the first time, achieved significant sales success.
According to CPR’s report, the vulnerabilities store sensitive information such as passwords and security keys. In Xiaomi’s Trusted Environment appeared. According to this vulnerability, there are two ways to get users’ money. One of them is to provide malware downloads or directly examine the device itself.
The first type of attack is when a user uploads from a malicious Android app income. In this case, the app sends a fake payment package to get the keys and steal the money. The second attack method involves physically taking over the device by the attacker. If it is not physically possible to take possession of the device, can root. In addition, it can lower the environment of trust. Then to create a fake payment package without the app your code can use.
After finding the flaw, Makkaveev informed Xiaomi to fix the problem. “We have disclosed our findings to Xiaomi, which is working quickly to issue a fix.” After that, Xiaomi fixed the security vulnerabilities instantly.
So, what do you think about the Xiaomi vulnerability? Don’t forget to share your views with us in the comments section!