Xiaomi Phone Bug Enables Theft

Making payments from mobile devices makes it possible for a malicious app to steal money from your digital wallet. Now, Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, has reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack.

In a recently released report Check Point researchers have revealed that a flaw in the smartphone maker Xiaomi's operating software could lead to mobile transactions being disabled, replicated and even forged by attackers. 

The company has now patched the vulnerability, which was contained in the part of the operating system used to store user payment data. If exploited, the flaw would have allowed attackers to hijack the mobile payment system. This could potentially lead to forged transactions initiated by the attacker. 

The potential pool of victims is huge, considering the popularity of Xiaomi smartphones, and could be incredibly disruptive to consumers. 

Check Point’s study marks the first time that Xiaomi’s trusted applications have been found to contain security issues. All users should implement the patch by updating their software immediately to make sure that their systems are up to date. 

CheckPoint:      Threatpost:        Oodaloop:     TechRadar:        VPNOverview:

You Might Also Read: 

Cyber Criminals Increasingly Focus On Mobile Devices:

 

« BlackByte Ransomware Group Have An Update
Microsoft Disrupts Russian Spies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

RHEA Group

RHEA Group

RHEA Group offers aerospace and security engineering services and solutions, system development, and technologies including cyber security.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.