Users of major Android brand warned over 20 ‘significant’ invisible threats lurking on their phones stealing data
DOZENS of security vulnerabilities have been discovered on a popular brand of Android devices, a cyber firm has warned.
The security gaps affect everyday apps like the Gallery, Video Player, Bluetooth, Phone Services, the Cloud, and several security settings.
Users are encouraged to keep their devices updated with the latest software to ensure they – and their data – is well protected[/caption]Popular Chinese brand Xiaomi, whose devices run on Google’s Android software, are harbouring invisible threats that could jeopardise its users data security, firm Oversecured has said.
In a report shared with The Hacker News, Oversecured wrote: “Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users.
“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data.”
The 20 security holes can be found within different apps and components, including:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur), and
- Xiaomi Cloud (com.miui.cloudservice)
One of the larger flaws discovered could allow hackers to leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.
The Mi Video app has been found to send Xiaomi account information, such as username and email address via broadcasts – which could be intercepted by a third-party app.
While a memory corruption flaw in the GetApps app, that Xiaomi was reportedly alerted to over a year ago, also remains unchanged.
System changes made by the Chinese handset maker to include more features and functionality have lead to these flaws, according to Oversecured.
STAY PROTECTED
The team reported the most recently discovered cyber flaws to Xiaomi in late April.
Xiaomi should issue software patches for the bugs in the coming weeks to months.
Users are encouraged to keep their devices updated with the latest software to ensure they – and their data – is well protected.
Must-know Android tips to boost your phone
Get the most out of your Android smartphone with these little-known hacks: