UPDATE: Official Statement from Xiaomi below
“Protecting the data security and privacy of our users is the top priority. Xiaomi has remediated all vulnerabilities reported by the Oversecured team and has ensured that no user is exposed to risk posed by these vulnerabilities. Users are always advised to update their devices to the latest version of software which offers security updates.“
Xiaomi, one of the leading smartphone manufacturers globally, has recently come under scrutiny due to the discovery of 20 vulnerabilities affecting its devices. These vulnerabilities, if exploited, could lead to the leakage of sensitive user information and potentially allow for remote control of affected devices. It’s imperative for Xiaomi to address these vulnerabilities promptly to ensure the security of its users data.
Dangerous vulnerabilities in Xiaomi devices
The vulnerabilities affect both MIUI and HyperOS, with HyperOS being essentially a rebranded version of MIUI. The affected apps include familiar ones like Gallery, Mi Video, and Settings, among others. Interestingly, some vulnerabilities stem from Xiaomi’s patching of AOSP (Android Open Source Project) apps, indicating a need for more thorough testing and security measures during the patching process. List of applications that cause security vulnerabilities:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur)
- Xiaomi Cloud (com.miui.cloudservice)
While no system can claim to be completely impervious to vulnerabilities, Xiaomi’s response is crucial. The company has already demonstrated a proactive approach by swiftly releasing updates to patch significant vulnerabilities, such as those reported by Microsoft regarding Xiaomi’s file manager. This responsiveness is commendable and instills confidence that Xiaomi is committed to addressing security concerns promptly.
However, it’s essential for Xiaomi to maintain vigilance and continue to prioritize security in its software development processes. Regular security audits, timely patches, and transparent communication with users regarding security updates are essential practices for any modern tech company, especially one of Xiaomi’s stature.
Although the recent vulnerabilities raise concerns, Xiaomi’s efforts to address them promptly and transparently are important. The brand is expected to fix these vulnerabilities immediately.
Related:
- Xiaomi Civi 4 Pro Disney Princess Edition may launch soon
- Xiaomi 15 Pro to boast a periscope telephoto camera, a 2K micro-curved screen
- Redmi K40 receives official Xiaomi HyperOS update, but it’s based on Android 13
- Xiaomi 15 Launch: Upcoming HyperOS flagship phone may arrive in October
- Xiaomi 14 Ultra now available at discounted price of $899 at Giztop
(Via)
