Xiaomi's MIUI Has Some Security Flaws, Research Firm Says

Xiaomi's MIUI firmware has several security flaws, according to cyber security firm eScan. In research published earlier this month, the company detailed a number of vulnerabilities that it believes hackers and even some less tech-savvy individuals with malicious intentions could exploit to compromise the privacy of people using Xiaomi's mobile software suite. One of the main problems outlined by the paper pertains to the manner in which MIUI manages apps with administrator privileges, with eScan stating that MIUI allows users to delete such apps without any authentication, consequently allowing anyone to do so as long as the device is unlocked. This lack of additional protection mechanisms undermines anti-theft services, since thieves have a better chance of deleting them once they're in possession of a stolen device.

Another issue identified by eScan is specifically associated with the Mi-Mover app, which overrides Android's sandbox protection feature in an effort to transfer all apps and data from a device running MIUI to any other one powered by Android 4.2 Jelly Bean or later versions of Google's operating system. The app itself is secured by an additional password, but if it's used for transferring data between two MIUI devices, it will clone all information from the first device, even sensitive system data. Likewise, the paper noted a number of minor security vulnerabilities that are also related to MIUI's supposedly insufficient protection mechanisms and are detailed in the full report that can be accessed by following the source link below.

The authors of the research submitted their findings to Xiaomi and numerous app developers and cyber security specialists in mid-July, seeking a peer review of their findings. The Chinese original equipment manufacturer (OEM) later issued a comment on eScan's conclusions, stating that all users are strongly advised to lock their devices in order to keep them protected. Xiaomi added that the Mi-Mover vulnerability can hardly be categorized as such since the app has two layers of protection, whereas all other findings require hackers to have physical access to a MIUI device, i.e. pertain to scenarios in which no software can guarantee absolute security. eScan's tests were performed on a number of Xiaomi and third-party devices running MIUI, though the firm didn't specify which particular build of the firmware was scrutinized as part of its research. MIUI 9 was only announced recently and is set to start hitting the stable channel in Xiaomi's home country tomorrow, though the worldwide rollout of its international version still doesn't have a specific date attached to it.

Copyright ©2019 Android Headlines. All Rights Reserved
About the Author

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android.