Pre-Installed Antivirus App on Xiaomi Phones Causes Hacks
A pre-installed antivirus app on Xiaomi phones could end up causing hacking attacks, researchers have found.
Researchers at security firm Check Point have discovered a vulnerability in Guard Provider, a pre-installed security app that exposes Xiaomi phones to cyberattacks.
A Check Point blog post dated April 4, 2019, explains, “Check Point Research recently discovered a vulnerability in one of the preinstalled apps in one of the world’s biggest mobile vendors, Xiaomi, which with almost 8% market share ranks third in the mobile phone market. Ironically, it was the pre-installed security app, ‘Guard Provider’ (com.miui.guardprovider), which should protect the phone by detecting malware, which actually exposes the user to an attack.”
“Briefly put, due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Then, as part of a third-party SDK update, he could disable malware protections and inject any rogue code he chooses such to steal data, implant ransomware or tracking or install any other kind of malware,” the blog post reads further.
The Guard Provider security app includes three different antivirus programs packed inside it- Avast, AVL, and Tencent. Users can choose one of these. The Guard Provider app uses several SDKs (Software Development Kits) for this. As per researchers, this is a risk as the data of one SDK cannot be isolated and hence private storage data of one of the SDKs can be accessed by another. Similarly, an issue affecting one of the SDKs could compromise the protection that the other SDKs provide. This, according to the Check Point researchers, is because the various SDKs used in one app share the app context and permissions.
The Guard Provider app, before the vulnerability was detected, pointed out and consequently patched, used to download antivirus signature updates through an unsecured HTTP connection. This would help hackers sitting on open Wi-Fi networks to intercept a device’s network connections, carry out MITM (Man in the Middle) attacks and push malicious updates. Check Point researchers reportedly managed to successfully execute remote code on a targeted Xiaomi device by exploiting four different issues in two different SDKs available within the Guard Provider app.
The Check Point blog post notes, “While minor bugs in each individual SDK can often be a standalone issue, when multiple SDKs are implemented within the same app it is likely that even more critical vulnerabilities will not be far off.”
Xiaomi, on being informed about the issue, has patched it and users must update their security software promptly. That would solve the current issue. But still, when it’s proved that the very software that should guard you against threats and attacks could lead to cyberattacks, it’s not a small issue at all. It raises serious concerns about smartphone cybersecurity.