Xiaomi Data Breach | Breaking Cybersecurity News | The Hacker News

Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets. The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0. The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as cafe Wi-Fi, to install malware remotely on the affected devices and fully compromise them. Researchers found some apps in the analytics package in MIUI, which can be abused to provide malicious ROM updates remotely through a man-in-the-middle attack. " The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user, " researchers say. Researchers say they discovered vulnerable analytics packages in at lea

China's number one — and the world's 3rd largest — smartphone manufacturer, Xiaomi , which is trying to make inroads into India's booming mobile phone market, was found secretly sending users' personal data , including IMEI numbers, phone numbers and text messages to the web servers back to Beijing in China. INDIA AND TAIWAN vs XIAOMI This issue raised higher concerns across many countries, proactively in India, Singapore and Taiwan. The Indian Air Force (IAF) — among the largest in the world — warned its employees and their belongings that their private information was being shipped over to servers in China, and asked them to avoid using Xiaomi smartphones due to security risk. Taiwanese Government underlined similar concerns before Xiaomi's launch in India. Xiaomi is facing an investigation in Taiwan for alleged cyber security threat, as a result of which last month the Taiwanese government decided to ban the company due to several privacy controversies. When i