Bad news for Xiaomi users! It’s too late now


smartphone manufacturer xiaomi, faced a security vulnerability that affects many devices. It has been revealed that the company, which has attracted attention with its important models recently, has a security vulnerability in its mobile payment. This vulnerability can cost users their money.

Vulnerability found

CPR cybersecurity experts found vulnerability in some Xiaomi phones
Mobile payment is a very common form of payment nowadays. For convenience, we make mobile payments on a daily basis, leaving aside various uncertainties and doubts. However From Check Point Research (CPR) Cybersecurity experts found vulnerabilities in some Xiaomi phones.

Destination: Payment methods

Experts exploit this vulnerability in the mobile payment mechanism of devices for threat actors to sign fraudulent payments and steal users’ money. Checkpoint Security Researcher Slava Makkaveev, made a statement on the matter. “We discovered a number of vulnerabilities that could allow forgery of payment packages or direct deactivation of the payment system from an unprivileged Android application.” said.

CPRAccording to the report, the open is the one that stores sensitive information such as passwords and security keys. Xiaomi’of the Trusted Environment’appeared in According to this vulnerability, there are two ways to get users’ money. One of them is to provide malware downloads or directly examine the device itself.

Code is being used

The first type of attack is a malicious user-installed Android comes from the app. In this case, the app sends a fake payment package to get the keys and steal the money. The second attack method involves physically taking over the device by the attacker. If it is not physically possible to take over, it can root the device. In addition, it can lower the environment of trust. He can then use his code to create a fake payment package without the app.

makkaveev, to fix the problem after finding the defect Xiaomiinformed the . “We have disclosed our findings to Xiaomi, which is working quickly to issue a fix.” After that, Xiaomi fixed the security vulnerabilities instantly.

.