Xiaomi Mi4 Detected with Preinstalled Malware

Bluebox, a mobile-security firm, has discovered preinstalled malware and a host of other security issues on a Xiaomi Mi 4 device. It seems that the device has been tampered with by an unidentified third party.


Bluebox sought to contact Xiaomi but did not get any response. Using some antivirus scanners, Bluebox detected that at least six suspicious apps were installed on the phone.


One of the applications was Yt Service, which fills the device with invasive ads and tricks the phone into thinking that it comes directly from Google, which would likely reduce users’ fears about the program.


The researcher also found risky software classified as a Trojan that disguises itself as a verified Google application and allows hackers to hijack the phone.


The device was then tested for further vulnerabilities. Andrew Blaich, Bluebox’s lead security analyst, said that the Mi 4’s operating system is a non-certified version of Android and is therefore subject to a number of flaws. Some of the bugs and security issues were found to be specific to old Android software, not its current release, leading the researchers to believe that the OS was a mashup between the new KitKat 4.4.4 and an older form of Android.

The vulnerabilities may exist because the smartphone uses Xiaomi’s own open-source MIUI build of Android, which has not been certified by Google. Android is open-source, Linux-based software, and anyone can take the stock Android image and build on it.

The result is that the Xiaomi Mi4 is an exploitable jumble of two different versions of Android, KitKat and Jelly Bean, and is vulnerable to security faults from each.

Analysis of the apps’ signatures raises the suspicion that the device may have been tampered with, because the signatures seem to differ from the manufacturer’s signing key.
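The signature comparison described above can be sketched as follows. This is an added example, not Bluebox's tooling or code from the original article: it parses the output format of `apksigner verify --print-certs`, and the digests, package names and pinning policy (Google-namespace apps must carry a pinned Google certificate, every other preinstalled app the manufacturer's) are constructed assumptions.

```python
import re

# Constructed placeholder digests, not real keys. In practice, pin the values
# taken from a known-good reference image of the same device model.
VENDOR_KEY = "aa" * 32   # manufacturer's platform signing certificate
GOOGLE_KEY = "bb" * 32   # certificate expected on Google-namespace apps
UNKNOWN_KEY = "cc" * 32  # some third party's certificate

DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-f]{64})\s*$", re.M | re.I)

def signer_digests(apksigner_output):
    """SHA-256 certificate digests found in `apksigner verify --print-certs` output."""
    return {d.lower() for d in DIGEST_RE.findall(apksigner_output)}

def audit(apps, vendor_key=VENDOR_KEY, google_key=GOOGLE_KEY):
    """apps maps package name -> apksigner output for one preinstalled APK.
    Returns sorted (package, reason) findings for signers that break the pins."""
    findings = []
    for pkg, output in apps.items():
        digests = signer_digests(output)
        if not digests:
            findings.append((pkg, "no verifiable signer"))
        elif pkg.startswith("com.google."):
            # An app presenting itself as Google's must carry the pinned Google key.
            if digests != {google_key}:
                findings.append((pkg, "Google namespace, non-Google signer"))
        elif digests != {vendor_key}:
            findings.append((pkg, "not signed with manufacturer key"))
    return sorted(findings)

def sample(digest):
    """Build constructed apksigner-style output for one signer."""
    return ("Signer #1 certificate DN: CN=constructed\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

# Constructed inventory of preinstalled packages (hypothetical names).
SAMPLE_APPS = {
    "com.example.vendor.launcher": sample(VENDOR_KEY),
    "com.google.example.services": sample(GOOGLE_KEY),
    "com.google.example.updater": sample(UNKNOWN_KEY),
    "com.example.adservice": sample(UNKNOWN_KEY),
    "com.example.unsigned": "DOES NOT VERIFY\n",
}

if __name__ == "__main__":
    for pkg, reason in audit(SAMPLE_APPS):
        print(f"{pkg}: {reason}")
```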

Ehacking Staff