Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components.
Security specialists notified the vendor of the flaws at the end of April 2023. So far, Xiaomi has not fixed all of them.
What are the vulnerable Xiaomi apps?
The Xiaomi vulnerabilities impact applications that ordinary users open every day. Scrolling through photos, watching a video, or connecting to another device through Bluetooth can compromise the user’s data. According to TheHackerNews, the list of flawed apps on Xiaomi devices includes:
Gallery (com.miui.gallery)
GetApps (com.xiaomi.mipicks)
Mi Video (com.miui.videoplayer)
MIUI Bluetooth (com.xiaomi.bluetooth)
Phone Services (com.android.phone)
Print Spooler (com.android.printspooler)
Security (com.miui.securitycenter)
Security Core Component (com.miui.securitycore)
Settings (com.android.settings)
ShareMe (com.xiaomi.midrop)
System Tracing (com.android.traceur)
Xiaomi Cloud (com.miui.cloudservice)
What risks do Xiaomi vulnerabilities pose?
Researchers warn that four of the Xiaomi vulnerabilities reside in the Settings app. These flaws enable hackers to:
bind services to any app
read Wi-Fi and Bluetooth data
access system files
see Xiaomi account details, including phone numbers
Another set of four flaws impacts GetApps, Xiaomi’s App Store-like service. Exploiting them would, for example, lead to memory corruption and the exposure of Xiaomi session tokens.
Although researchers reported the memory corruption issue in April 2023, the developer has not yet released a patch.
However, Xiaomi did patch some of the reported vulnerabilities, so users should update their devices to the latest versions as soon as possible.