Xiaome Mi4 Detected with Preinstalled Malware

Bluebox, a
mobile-security firm has discovered preinstalled malware and a host
of other security issues with Xiaomi Mi 4 device. It seems that
mobile device has been tampered by an unidentified third party.


Bluebox
seeked to contact Xiaomi but did not get any response. Using some
antivirus scanners, Bluebox detected that there were at least six
suspicious apps were installed in the phone.


Xiaomi Mi4 Detected with pre installed malware
One of the
applications was Yt Service which fills the device with invasive ads
which tricks the phone into thinking that it comes directly from
Google, which would
likely reduce user’s fears about the program.


The
researcher also found risky software which was classified as Trojan
that disguises itself as a verified Google application and
allows hackers to hijack the phone. 

P { margin-bottom: 0.08in; }

The
device was further tested for further vulnerabilities. Andrew Blaich,
Bluebox’s lead security analyst said that Mi 4’s operating
system is a non-certified version of Android and is
therefore subject to a number of flaws. Some of the bugs
and security issues were discovered to be specific to
old Android software, not its current release, leading them to
believe that the OS was a mashup between the new
KitKat 4.4.4. and an older form of Android.

The
vulnerabilities may exist due to the reason that smartphone uses
Xiaomi’s own open-source MIUI build of Android, which has not been
certified by Google. Android is actually open-source Linux software,
and anyone can take the stock Android image and build on it.

The result
is that the Xiaomi Mi4 is an exploitable jumble of two different
versions of Android, KitKat and Jelly Bean, and is hostilely
vulnerable to security faults from each. 
The analysis
of the signatures of the apps creates a suspicion that the device may
have been tempered because the signatures seem to differ from
the manufacturer’s signing key.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...

Digital Forensics Investigation using Autopsy In Kali Linux

Autopsy is one of the digital forensics tools use to investigate what happened on a computer. It offers a GUI access to variety of...