Mobile app security firm Oversecured has discovered 20 dangerous vulnerabilities in Xiaomi devices that could lead to sensitive data leaks such as personal information and private phone data. If left unchecked, these security flaws could also lead to remote access to your device.
However, Oversecured was quick to inform Xiaomi about these security issues and the company has already released a fix for them. But it could still pose a threat to those who haven’t updated their phones or have not received the latest security patch yet.
The security flaws impact both MIUI and HyperOS, with the latter being a rebranded version of MIUI. Affected applications include well-known ones such as Gallery, Mi Video, Settings, and several others. Interestingly, some of these vulnerabilities originate from Xiaomi’s modifications to AOSP (Android Open Source Project) applications, highlighting the need for more rigorous testing and enhanced security protocols during the update process.
Here is the list of affected applications:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur)
- Xiaomi Cloud (com.miui.cloudservice)
Since all of these are system apps, they have more privileges than third-party apps, meaning attackers could use their vulnerabilities to access all applications installed on a device. As mentioned earlier, most of these flaws originated from Xiaomi’s modifications to the underlying AOSP apps.
The list of vulnerabilities on these apps included the ability to start arbitrary components, OS commanding, theft of arbitrary files, leaking information about Bluetooth devices, memory corruption, insecure activity starts, and more.
Xiaomi has released fixes for these issues already, and we recommend keeping your Xiaomi devices up to date to avoid any possible security flaws.
