Xiaome Mi4 Detected with Preinstalled Malware

Bluebox, a
mobile-security firm has discovered preinstalled malware and a host
of other security issues with Xiaomi Mi 4 device. It seems that
mobile device has been tampered by an unidentified third party.


Bluebox
seeked to contact Xiaomi but did not get any response. Using some
antivirus scanners, Bluebox detected that there were at least six
suspicious apps were installed in the phone.


Xiaomi Mi4 Detected with pre installed malware
One of the
applications was Yt Service which fills the device with invasive ads
which tricks the phone into thinking that it comes directly from
Google, which would
likely reduce user’s fears about the program.


The
researcher also found risky software which was classified as Trojan
that disguises itself as a verified Google application and
allows hackers to hijack the phone. 

P { margin-bottom: 0.08in; }

The
device was further tested for further vulnerabilities. Andrew Blaich,
Bluebox’s lead security analyst said that Mi 4’s operating
system is a non-certified version of Android and is
therefore subject to a number of flaws. Some of the bugs
and security issues were discovered to be specific to
old Android software, not its current release, leading them to
believe that the OS was a mashup between the new
KitKat 4.4.4. and an older form of Android.

The
vulnerabilities may exist due to the reason that smartphone uses
Xiaomi’s own open-source MIUI build of Android, which has not been
certified by Google. Android is actually open-source Linux software,
and anyone can take the stock Android image and build on it.

The result
is that the Xiaomi Mi4 is an exploitable jumble of two different
versions of Android, KitKat and Jelly Bean, and is hostilely
vulnerable to security faults from each. 
The analysis
of the signatures of the apps creates a suspicion that the device may
have been tempered because the signatures seem to differ from
the manufacturer’s signing key.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How To Create A Virtual Penetration Testing Lab At Home

In this article, I will demonstrate how to create your own virtual penetration testing lab at home. Creating a pentesting lab is must for...

The Importance of Cyber Security in The Medical Device Industry

Medical devices are a revolutionary aspect of healthcare - they connect doctors and patients, help diagnose and treat diseases. Some - like ECMO machines...

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...