Xiaomi antivirus has a flaw: smartphones at risk from hackers

Xiaomi's Security app has a flaw that allows hackers to install malware without users knowing about it. Here is what to do to defend yourself.

Installing a good antivirus on your smartphone is no longer a choice but practically an obligation, given the constant threats that hackers and virus creators launch every day against our devices. That's why many manufacturers now sell their devices with a built-in antivirus app that can't be uninstalled.

But what happens if the antivirus app itself has a flaw and exposes us to the risk of hacker attacks? That's what is happening right now with Guard Provider, the security app pre-installed on Xiaomi phones. According to what Check Point Technologies has discovered, the Xiaomi Guard Provider app has an inherent flaw that exposes devices using it to a dangerous Man in the Middle attack. This means that a hacker connected to the same network as the targeted smartphone can get between the app and the remote server without the user being aware of it, and then inject malicious code of any kind into the smartphone: a virus to steal passwords or personal data, malware to track user behavior, or ransomware to lock the device and blackmail the owner.

Guard Provider, security flaw in Xiaomi smartphones

All this is possible because Guard Provider is not a real antivirus, but an app that uses third-party software development kits (SDKs) to install a commercial antivirus on the phone. The user can choose whether to protect their smartphone with software from Avast, AVL or Tencent. Once the user has chosen, Guard Provider takes care of downloading the corresponding SDK package and installing it on the smartphone. It is precisely at this stage that the hacker could step in and replace the third-party package with his own infected software, because the traffic between Guard Provider and the server from which it downloads the SDKs is neither protected nor encrypted: it takes place over a standard HTTP connection rather than HTTPS.
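The following sketch is an added example, not code from Xiaomi, Check Point or any of the SDK vendors. It shows the two checks whose absence makes this kind of package swap possible: refusing download URLs that are not HTTPS, and comparing the downloaded package against a SHA-256 digest that ships with the already-trusted app. The SDK keys, host name, package bytes and function names are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """Raised when an update package must not be installed."""

def check_update_url(url: str) -> None:
    """Reject any download location that is not HTTPS with a host."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise UpdateRejected(f"cleartext or malformed update URL: {url}")

def verify_package(url: str, payload: bytes, pinned_sha256: str) -> bytes:
    """Return payload only if the URL is HTTPS and the digest matches the pin.

    Assumption: pinned_sha256 ships inside the trusted app (or a signed
    manifest), so an attacker on the network cannot change it.
    """
    check_update_url(url)
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UpdateRejected(f"digest mismatch for {url}")
    return payload

def audit(manifest, fetched):
    """Map each SDK name to 'ok' or the reason it was rejected."""
    results = {}
    for name, (url, pin) in manifest.items():
        try:
            verify_package(url, fetched[name], pin)
            results[name] = "ok"
        except UpdateRejected as exc:
            results[name] = str(exc)
    return results

# Constructed sample data: keys, host, paths and bytes are placeholders.
GOOD = b"constructed-sdk-package-v1"
PIN = hashlib.sha256(GOOD).hexdigest()
MANIFEST = {
    "sdk_a": ("https://updates.example.invalid/sdk_a.zip", PIN),
    "sdk_b": ("http://updates.example.invalid/sdk_b.zip", PIN),
    "sdk_c": ("https://updates.example.invalid/sdk_c.zip", PIN),
}
# Bytes as received; sdk_c stands for a package replaced in transit.
FETCHED = {"sdk_a": GOOD, "sdk_b": GOOD, "sdk_c": b"swapped-package"}

if __name__ == "__main__":
    for sdk, verdict in audit(MANIFEST, FETCHED).items():
        print(f"{sdk}: {verdict}")
```

The digest check is independent of the transport, so a replaced package is rejected even if a cleartext URL slips through review.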

Update your smartphone

Check Point has already warned Xiaomi about this vulnerability, and the Chinese manufacturer has released a patch to close the flaw in Guard Provider. Therefore, anyone who has a Xiaomi smartphone with Guard Provider preinstalled (on some devices it is installed under the name "Security") would do well to update the app to the latest available version to avoid risks.