Pre-Installed Security App Puts 150 Million Xiaomi Smartphone Users At Risk
Cybercriminals are increasingly going after mobile users by hiding malware in applications and trying to upload the nefarious apps to the Google Play Store. As if this isn’t bad enough, a new incident involving Chinese smartphone manufacturer Xiaomi exposes an even more potent threat, namely that of malicious or poorly secured pre-installed apps that cannot be deleted.
Researchers with Check Point recently discovered that Xiaomi’s Guard Provider, a security app that comes pre-installed on the company’s mobile devices, contained a critical vulnerability that puts 150 Million Xiaomi smartphone owners at risk of Man-in-the-Middle (MitM) attacks that can enable threat actors to steal user credentials and other sensitive information from affected devices, and also push ransomware an other malicious software. After being notified by Check Point, Xiaomi has now issued a patch for the Guard Provider. Because users cannot delete the app, they need to make sure to update to the safe version.