Security News
Asian smartphone giant Xiaomi is now blocking Telegram from being installed on devices using its MIUI system and firmware interface. If an app is deemed malicious or dangerous, MIUI tries to remove the app from the device and block the installation.
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant.
Smartphone maker Xiaomi, the world's number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its "Trusted environment" used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a report released at DEF CON that the Xiaomi smartphone flaw could have allowed hackers to hijack the mobile payment system and disable it or create and sign their own forged transactions.
Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment that is responsible for signing transactions. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool hackers could tap into is estimated to be in the billions of U.S. dollars.
Lithuania's National Cyber Security Centre has told its citizens to get rid of Xiaomi-made mobile devices amid fears that the Chinese company could remotely enable censorship tools. It has been established that during the initialisation of the system applications factory-installed on a Xiaomi Mi 10T device, these applications contact a server in Singapore at the address globalapi.
If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities. The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro and Mint Browser after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers.
If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities. The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro and Mint Browser after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers.
A Forbes report last week outlined how some Xiaomi Android phones track their owners' web browsing and online activities. It was claimed the handsets' bundled Xiaomi browser collects things like browsing history, search queries, and news feed activity, and sends the data off to servers in China, even in private incognito mode.
Google has temporarily disconnected Xiaomi's IP cameras from its Home Hub service after a user reported that he was seeing images from other people's devices. Reddit user u/Dio-V found that Xiaomi's Mijia 1080p IP camera was sending still images from other peoples' homes when he accessed it via his Google Home Hub.
Google last week disabled all Xiaomi integrations on Nest Hub after learning that some users could access other people's camera feeds. Although the Mi Home Security Camera Basic 1080p was found at fault, Google decided to disable all Xiaomi integrations on its devices.