Xiaomi Phone Bug Enables Theft

Making payments from a mobile device opens the possibility of a malicious app stealing money from your digital wallet. Now smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, has reported that it has patched a high-severity flaw in the “trusted environment” it uses to store payment data, a flaw that opened some of its handsets to attack.

In a recently released report, Check Point researchers revealed that a flaw in smartphone maker Xiaomi's operating software could lead to mobile transactions being disabled, replicated and even forged by attackers.

The company has now patched the vulnerability, which was contained in the part of the operating system used to store user payment data. If exploited, the flaw would have allowed attackers to hijack the mobile payment system. This could potentially lead to forged transactions initiated by the attacker. 

The potential pool of victims is huge, considering the popularity of Xiaomi smartphones, and could be incredibly disruptive to consumers. 

Check Point’s study marks the first time that Xiaomi’s trusted applications have been found to contain security issues. All users should implement the patch by updating their software immediately to make sure that their systems are up to date. 

Sources: CheckPoint, Threatpost, Oodaloop, TechRadar, VPNOverview
