Millions of Xiaomi Users Exposed to Security Threat 20 Native Apps Contains Vulnerabilities Heres All Details

Millions of Xiaomi smartphone and tablet users around the world were recently unknowingly exposed to a major security risk. A mobile security firm discovered 20 shocking vulnerabilities in various system components and pre-installed apps on Xiaomi devices. Hackers can exploit these vulnerabilities to gain unauthorized access to critical functionality and steal sensitive data such as user phone numbers and account details or even gain control over the entire device.

The oversecured have their Report has detailed how they have discovered more than a dozen vulnerabilities in Xiaomi devices. These vulnerabilities are spread across various system components and pre-installed apps, allowing hackers to steal sensitive data such as users’ personal data and bank details. To be precise, these potential vulnerabilities include those within the Settings app in Xiaomi devices and the GetApps store, Xiaomi’s pre-installed app marketplace.

The vulnerabilities affect both MIUI and HyperOS. For those who don’t know, HyperOS is a rebranded version of Xiaomi’s existing MIUI. The full list of affected apps is given below, but some of the popular apps include Xiaomi’s Gallery, Mi Video and Settings apps. Interestingly, some of the vulnerabilities arise from the patching of Xiaomi’s AOSP (Android Open Source Project) apps, indicating the need for deep testing and security solutions during the patching process.

The security firm said in its report that “Xiaomi’s flaw allowed arbitrary activities such as access to receivers and services with system privileges, theft of arbitrary files with system privileges, disclosure of phone, settings and Xiaomi account data.”

One of the major flaws discovered could also allow hackers to leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.

Oversecured disclosed the flaws to Xiaomi within a 5-day deadline at the end of April 2023. There is currently no official confirmation from Xiaomi regarding the patch. However, Xiaomi has a good track record of promptly fixing flaws, as the company recently also promptly fixed some of the vulnerabilities discovered by Microsoft.

Until then, if you own a Xiaomi device, there are a few things you can keep in mind, such as keeping your device updated to the latest security patch by going to the ‘Software Update’ tap inside the phone’s settings. Also, download and install apps only from trusted stores.