Cybersecurity researchers have identified a series of security vulnerabilities in Xiaomi smartphones, potentially exposing users to hacking threats. The flaws, 20 in total, stem from Xiaomi’s implementation of Google’s Android operating system. Xiaomi has since addressed these vulnerabilities, and users are strongly advised to update their devices promptly.
According to Sergey Toshin, founder of Oversecured, a mobile security startup, the vulnerabilities span various aspects of Xiaomi’s software, including the settings app and Bluetooth software. The most critical flaws could grant attackers “system privileges,” enabling them to pilfer user passwords and access private files. Despite the severity of these vulnerabilities, Toshin believes they have not been exploited by malicious actors.
Toshin highlighted the potential methods hackers might use to exploit these vulnerabilities, such as deploying malicious apps via phishing or through third-party app marketplaces like Google Play. Once installed, these malicious apps could exploit the vulnerabilities to intercept social network messages, gather user contacts, and retrieve information about connected Bluetooth devices.
Oversecured promptly notified Xiaomi of these vulnerabilities after testing them on a Xiaomi 13 Ultra device. Xiaomi patched the vulnerabilities within a week of disclosure. However, Toshin suggested that Xiaomi could enhance its security measures by offering more substantial rewards to hackers participating in its bug bounty program, which currently offers lower payouts than industry standards.
In response, a Xiaomi spokesperson emphasized the company’s commitment to security, highlighting its collaboration with Google and HackerOne to bolster Android system security. Nonetheless, Toshin stressed the importance of investing more resources in device security to mitigate potential risks effectively.
Cybersecurity threats will persist as long as technology does. Prompt updates and proactive security measures remain crucial for safeguarding user data and maintaining the integrity of smartphone ecosystems.