Millions of Xiaomi Users Exposed to Security Threat 20 Native Apps Contains Vulnerabilities Heres All Details

Millions of Xiaomi smartphone and tablet users around the world were unknowingly exposed to a major security risk until recently. A mobile security firm discovered 20 shocking vulnerabilities in various system components and pre-installed apps on Xiaomi devices. Hackers can exploit these vulnerabilities to gain unauthorized access to critical functionality and steal sensitive data such as a user’s phone number and account details, or even gain control of the entire device.

Oversecured has Report Explained in detail how they have discovered more than a dozen flaws in Xiaomi devices. These vulnerabilities are spread across various system components and pre-installed apps, allowing hackers to steal users’ personal data and sensitive data like bank details. To be precise, Xiaomi devices contain these potential vulnerabilities within the Settings app and the GetApps store, Xiaomi’s pre-installed app marketplace.

The flaws affect both MIUI and HyperOS. For those who don’t know, let us tell you that HyperOS is a rebranded version of Xiaomi’s existing MIUI. The complete list of affected apps is given below, but if we talk about some popular apps, these include Xiaomi’s Gallery, Mi Video and Settings apps. Interestingly, some of the vulnerabilities arise from patching of Xiaomi’s AOSP (Android Open Source Project) apps, indicating the need for deep testing and security solutions during the patching process.

The security firm said in its report that “Xiaomi’s flaws allowed arbitrary activities such as unauthorized access to receivers and services with system privileges, theft of arbitrary files with system privileges, disclosure of phone, settings and Xiaomi account data.”

One of the major flaws discovered could also allow hackers to leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.

Oversecured had disclosed the flaws to Xiaomi within a 5-day deadline at the end of April 2023. At present there is no official confirmation from Xiaomi regarding the patch. However, Xiaomi’s track record of quickly fixing bugs is good, as the company also quickly fixed some of the bugs discovered by Microsoft recently.

Till then, if you own a Xiaomi device, you can take care of a few things like keeping your device updated to the latest security patches, for which you can tap on ‘Software Update’ inside the phone’s Settings. Also, download and install apps only from trusted stores.