Its smartphones are highly popular in countries like India, China etc.
Bluebox researchers have found two very critical security problems with Xiaomi Mi4 LTE.
Yt Service
Yt Service is one such App, Bluebox researchers found to be particularly dangerous.
Bluebox says that Yt Service developer package being named com.google.hfapservice.
giving the impression that it is legit App developed by Google.
It is packaged as com egame.tonyCore.feicheng.
Bluebox researchers stated that the Mi45 was vulnerable to all the big flaws except Heartbleed.
Kaylene Hong, Communications Manager, Xiaomi reached out to us for this article.
This happens across all brands, affecting both Chinese and foreign smartphone companies selling in China.
We have so far not received meaningful reports of counterfeit Mi phones outside of China.
Like all other consumer electronics brands, we always recommend buying Mi phones through authorised channels.
All Xiaomi devices sold in China and international markets are fully Android compatible.
As Bluebox Labs mentioned in the original findings there is a hidden directory on the sdcard called .apk.
This is one method the ROM is using to bypass the verification app.
We confirmed this by installing the latest AntiFake app.
The gadget now reports as not legitimate which corroborates the findings from Xiaomi.
Bluebox Labs has been talking with the security team at Xiaomi.
The lessons learned in this endeavor come down to: responsible disclosure, supply chain, and authentication tools.
Xiaomi has assured us that they have now taken the necessary steps to monitor the account more closely.
Secondly, the supply chain in is called into question.
Read the full articleMalware-Ridden Xiaomi Mi4 LTE tested by Bluebox found to be fake.
source: www.techworm.net
