Xiaomi's phones had a security flaw preinstalled on millions of devices

From CNET: One of China's largest phone makers had a glaring security flaw for hackers to pounce on, researchers said.

On Thursday, security researchers from Check Point disclosed a vulnerability with Xiaomi's phones, stemming from its preinstalled Guard Provider app. The app is intended to be a security feature -- with three antivirus programs packed inside to detect malware. Those antivirus scanners included Avast, AVL and Tencent.

But the security feature introduced a vulnerability, Check Point researcher Slava Makkaveev said.

Guard Provider gets its updates through an unsecured HTTP connection, he said. That means that if a potential attacker were on the same Wi-Fi network, the hacker could insert malware in those updates through a "man-in-the-middle attack." That's when a rogue network is set up to look exactly like the one you're connected to, and tricks the victim's device into connecting to the fake Wi-Fi.

Check Point said it's disclosed this vulnerability to Xiaomi, and that the phone maker has released a patch to fix the flaw.
