Security Android China

Millions Of Xiaomi Phones at Risk Of Remotely Installed Malware (zdnet.com) 29

Zack Whittaker, reporting for ZDNet: Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system. Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level.

  • by Zombie Ryushu ( 803103 ) on Monday July 11, 2016 @11:58AM (#52489971)

    Are all MediaTek Phones vulnerable? I have a MediaTek Phone Produced by BLU. I'm wondering if I am vulnerable to this. The issue with BLU Phones is they are rootable, but Cyanogen Mod does not support them very well. The Particular BLU Studio I have is discontinued.

    Of particular concern is that BLU Phones will soft brick if they are rooted and they OTA update without a complete reflash. My Phone is rooted, so it falls into this category where I can't OTA update it again.

    Re-flashing carries with it the hazard that if the NVRAM of the Phone is wiped out, the Phone loses its IMEI info, Bluetooth, and 802.11 MAC

    • Of particular concern is that BLU Phones will soft brick if they are rooted and they OTA update without a complete reflash. My Phone is rooted, so it falls into this category where I can't OTA update it again.

      You don't have an unroot? I can not only unroot my moto g trivially, but I can re-lock the bootloader.

  • Given how Xiaomi only sells their phones in Asia, I'm sure that the 1% or less of Slashdotters who live in a place where Xiaomi actually sells their phones and on top of that actually have a Xiaomi phone instead of a competitor's phone thank you.
    • by Anonymous Coward on Monday July 11, 2016 @12:21PM (#52490105)

      A lot of people import Xiaomi phones from China. They offer outstanding value for money and are amazingly high quality for the price.

      I use a Redmi Note 2 Prime which I bought for the equivalent of about £130 a year ago. The 5.5inch 1080p IPS screen is very good, the 13mp camera gives great photographs, and the 2.2GHz 8 core Helio X10 processor more than meets my needs. The battery life is good, and it also has a MicroSD expansion slot, which many phones annoyingly lack. MiUI is also a lot better than Android, except for the fact that they bizarrely chose to disable the mass storage mode when you connect the phone to your computer. Xiaomi are also much better at supporting their phones in the long term, and provide software updates for many years.

      Overall, I really can't understand why more people don't import Xiaomi phones since an equivalent phone in the UK would be about 2.5x to 4x the price.

      • by Anonymous Coward on Monday July 11, 2016 @12:25PM (#52490137)

        A lot of people import Xiaomi phones from China. They offer outstanding value for money and are amazingly high quality for the price.

        Overall, I really can't understand why more people don't import Xiaomi phones since an equivalent phone in the UK would be about 2.5x to 4x the price.

        Because they come with built in root kits?

      • Overall, I really can't understand why more people don't import Xiaomi phones ...

        because they don't (yet) support the 800 4G band.

    • I have one, and since I am writing what looks to me right now to be the 8th post here, 12.5% of posters have a Xiaomi!

      On the more serious side, I ordered mine (I live in the UK) from a Chinese seller who has a warehouse in the EU, and I know a few other people who ordered the same way (whether they are in UK, Greece, Netherlands etc).
      Specifically, I bought the Mi4 a year ago for a little over $200, i.e. less than half the cost of other flagship phones with comparable (or sometimes less) specs. Naturally, it

  • by Gojira Shipi-Taro ( 465802 ) on Monday July 11, 2016 @12:43PM (#52490271) Homepage

    With Chinese Government mandated backdoors in their "custom" Android build, no doubt.

    Color me SHOCKED.

  • by Ritz_Just_Ritz ( 883997 ) on Monday July 11, 2016 @01:35PM (#52490669)

    It sure smells like a government mandated "feature" rather than a bug since the Chinese government can easily accomplish MitM attacks on Chinese networks.

  • I got a Xiaomi Mi 5 smartphone a while ago (bought via HonorBuy) and found out that the reseller had put a hacked (internationalised) Chinese ROM on my phone. This meant that my phone would not be getting any official Xiaomi updates, let alone frequent updates from the reseller.

    To solve this I had to create a Xiaomi account, ask Xiaomi permission to unlock bootloaders on their phones (received this after a few days) and perform a fastboot upgrade to the latest available Xiaomi international ROM.

    After th
  • Ha ha, that's hilarious! Errr, I mean, "How awful!!"
