Beware! Xiaomi Phones Vulnerable: Patch to Stop Account Takeover

The cybersecurity firm Oversecured has uncovered vulnerabilities in Android applications from Xiaomi, affecting users globally.

The investigation revealed 20 vulnerabilities associated with unauthorized access to system data, file theft, and leakage of phone and account information. Some of these issues arose from errors in AOSP code modifications made by Xiaomi, including flaws in the System Tracing and Settings applications that could lead to data leaks regarding Wi-Fi and Bluetooth devices.

A Xiaomi representative stated that the company exerted significant effort to rectify the identified 20 vulnerabilities. As a result, all security issues have been resolved, and Xiaomi now assures that risks to users have been eliminated. Users are advised to install the latest software updates to ensure maximum protection.

Regarding Google, the company also encountered security issues within its AOSP code. Specifically, vulnerabilities were found in Pixel applications that could allow access to geolocation through the camera and to files via the WebView component. Google confirmed the resolution of these issues and emphasized the priority of user security, highlighting the importance of collaborating with security researchers to enhance the protection of the Android ecosystem.

However, some critics point out Google’s sluggishness in addressing vulnerabilities, suggesting that the company needs to improve its processes for developing and testing security updates.

Following this research, both companies have reaffirmed their commitment to enhancing the security level and data protection for users, underscoring the importance of prompt response to identified issues.