Xiaomi MIUI having Major Security Flaws, Discovered by Security Firm

Xiaomi MIUI Security flaws

Xiaomi is presently one of the top 5 Android smartphone makers of the world, having more than 6% of market share. Millions of users across the world own Xiaomi devices. Therefore, both the company and the consumers must take note of the latest security flaws found in Xiaomi MIUI.

EScan Antivirus, the India-based security firm, has found vulnerabilities in terms of security regarding the Mi Mover app. The app enables you to transfer data and settings from any Android phone to your Xiaomi device.  It overrides the sandbox protection of Android in the process.

During the transfer between two Xiaomi MIUI phones, system data and confidential info such as payment details are swept aside. Within the transferring activity, the user needs to provide a password for the Mi Mover app. This helps in keeping all transferring information secure.

What the research of the security firm revealed is that the app didn’t ask for any kind of password. The Xiaomi MIUI devices included in the research were Mi Max 2 and Redmi 4A. This will open up possibilities for anyone to clone your app data and system with ease. All they need is to gain access to your unlocked Xiaomi phone.

Furthermore, the Xiaomi devices do not have any fallback protection from their respective systems. Another security issue is regarding the device-administrator apps. Given that your device falls into wrong hands, the security app asks for Android’s administrator’s permission before wiping off your device. This requires a password as well, which did not pop up during uninstalling the Cerberus anti-theft app, in the Mi Max 2.

Xiaomi MIUI says…

The company strongly disagreed with the aforementioned report. Its statement says that the company is always at par for ensuring that their devices stick to the privacy policy. The company advised users to use PIN, pattern lock, or fingerprint sensor for minimizing risks.

Source: Android Authority

Leave a Reply

Your email address will not be published. Required fields are marked *