Vulnerability in Xiaomi's pre-installed apps could affect more than 150 million devices

A vulnerability that could allow man-in-the-middle attacks and the injection of malicious code has been found in a pre-installed app on devices manufactured by Xiaomi, one of the biggest mobile vendors. The flaw, uncovered by researchers at Check Point is -- somewhat ironically -- in the pre-installed security app, 'Guard Provider', which is meant to protect the phone from malware. Due to the unsecured nature of the network traffic to and from the Guard Provider app and the use of multiple SDKs within the same app, a threat actor could connect to the same Wi-Fi network as the victim and… [Continue Reading]