The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Xiaomi Mi 4

Warning: Millions of Xiaomi Phones Vulnerable to Remote Hacking

Warning: Millions of Xiaomi Phones Vulnerable to Remote Hacking

July 12, 2016Mohit Kumar
Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets. The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0. The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as cafe Wi-Fi, to install malware remotely on the affected devices and fully compromise them. Researchers found some apps in the analytics package in MIUI, which can be abused to provide malicious ROM updates remotely through a man-in-the-middle attack. " The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user, " researchers say. Researchers say they discovered vulnerable analytics packages in at lea
Researchers Get Trolled by Chinese, Pre-Malwartized Xiaomi Mi4 was Duplicate

Researchers Get Trolled by Chinese, Pre-Malwartized Xiaomi Mi4 was Duplicate

March 09, 2015Swati Khandelwal
Recently a mobile-security firm Bluebox claimed that the brand new Xiaomi Mi4 LTE comes pre-installed with spyware /adware and a " forked " vulnerable version of Android operating system on top of it, however, the company denies the claim. Xiaomi , which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. On 5th March, when Bluebox researchers claimed to have discovered some critical flaws in Mi4 LTE smartphone, Xiaomi issued a statement to The Hacker News claiming that " There are glaring inaccuracies in the Bluebox blog post " and that they are investigating the matter. RESEARCHERS GET TROLLED BY CHINESE SELLERS Now, Xiaomi responded to Bluebox Labs by preparing a lengthy denial to their claims and said the new Mi4 smartphone purchased by Bluebox team in China (known as the birthplace of fake smartphones) was not an original Xiaomi smartphone but a coun
Xiaomi Mi 4 Smartphone Pre-loaded with Malware and Custom Android ROM

Xiaomi Mi 4 Smartphone Pre-loaded with Malware and Custom Android ROM

March 07, 2015Wang Wei
Once again the very popular and the world's third largest smartphone distributor Xiaomi , which had previously been criticized for secretly stealing users' information from the device without the user's permissions, has been found spreading malware . The top selling Android smartphone in China, Xiaomi Mi4 LTE , has been found to be shipped with pre-loaded spyware/adware and a "forked," or not certified, vulnerable version of Android operating system on top of that, according to a San Francisco-based mobile-security company, Bluebox. Xiaomi, which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. Just like other Xiaomi devices, Mi4 LTE smartphone seems to attract a large number of customers with more than 25,000 units sold out in just 15 seconds on India's online retailer Flipkart . Security Researcher Andrew Blaich of Bluebox firm revealed Thursday that the brand new
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.