Hackers Turning Pre-Installed Security App in Xiaomi Smartphones into Malware

Hackers Turning Pre-Installed Security App in Xiaomi Smartphones into Malware, today we are going to know more on the topic of malware distribution by pre-installed Security application Xiaomi by hackers and leaving backdoor and exploits behind in the smartphone. How will you feel when you get a security application to protect antivirus is exposing your privacy and allowing you to get hacked and even worse.

Recently researchers revealed that one of the most common inbuilt security app. This security application is preinstalled in more than 150 million devices and these devices are manufactured by Xiaomi, China's biggest and world's 4th largest smartphone company, which is also known as Mi. This security application is suffering from a range of different security issues that can possibly have allowed hackers to compromise Xiaomi or Mi Company manufactured smartphones remotely.

Pre-Installed Security App – About the vulnerability

The vulnerability that is used by hackers Turning Pre-Installed Security App in Xiaomi Smartphones into Malware is the security application which comes pre-installed in only Xiaomi Smartphones. This pre-installed Security app is ‘Guard Provider’. Also, this security application is exposed to more than 150,000 Smartphones. This preinstalled security application named ‘Guard Provider’ allows an attacker to launch and target the victim’s device or Smartphone by launching MIMT attack (Man In The Middle Attack).

Even though the security application offers security including third party SDK’s, still the attacker can remotely launch Man in The Middle Attack in the Xiaomi device. Adding to this vulnerability also allows the user to disable malware and virus protection, deploy other viruses, tracking scripts and also can download or install media every stuff present in the victim's device.

Pre-Installed Security App in Xiaomi – Important Points

The security app that comes pre-installed to give high security to its users uses antivirus databases of three different antivirus companies in the form of SDK’s (Software Development Kits) which include - Avast, AVL, and Tencent Companies.

Using three different databases according to researchers was actually not a very good idea as the data which is contained in any SDK cannot be isolated or mixed and used along with other SDK. This is just because every database is designed in a different manner and order along with different specifications and so if any issue arises in any of the SDK will definitely compromise the security protection provided to the users.

However, the most important and the hidden disadvantage which couldn’t be seen was that of using three different SDK in a single security application is that all the SDK’s will share each and every app permission granted by the user and the content for which it is granted permission.

Soon after this breaking news came the Mi Company worked on the issue and fixed it within a week and confirms that Xiaomi has now fixed all the issues related to the security application which comes pre-installed in Mi devices in the latest version of its Guard Provider app which they have released.

Xiaomi Smartphones into Malware – How Does It Work?

The Pre-Installed Security App in Xiaomi Smartphones which is used by a hacker to turn it into malware or virus such as ransomware is just because of insecure data transfer protocol used in the ‘Guard Provider’ security application.

The pre-installed security application ‘Guard Provider’ was using an unsecured vulnerable HTTP protocol for downloading antivirus signature updates for the application. This allowed the attackers to take over the victim’s device using a man-in-the-middle attack.

However, this attack can be done only when both, the attacker and the victim are in the same Wi-Fi network area or if any one of them is sharing a hotspot and is connected and vice-versa.

Once they satisfy the above condition, the attacker may target the victim’s device and push in malicious code which will execute in the victim's device as a security update. This security update will carry as soon as the victim's smartphones receive the malicious code as any security application after receiving update definitions will always try to execute to the device as the first and foremost task.