Xiaomi hides a dangerous antivirus in its smartphones

Security researchers have discovered a flaw in Guard Provider, a security suite preinstalled on Xiaomi smartphones.

Researchers from the security vendor Check Point have recently discovered a flaw in an application preinstalled on Xiaomi smartphones. The application in question is called Guard Provider and also appears under the name Security.

The vulnerability is caused by the use of multiple software development kits (SDKs). These tools, which make the developer's work easier, have a major disadvantage: a flaw in one SDK affects the entire application, including the other SDKs. Given that an application uses more than 18 SDKs on average, the risk of finding flaws keeps growing.

The flaw is in the security application

The attack requires the victim to be connected to the same Wi-Fi network as the attacker, which leaves many opportunities on public networks such as those of airports, hotels or even businesses. The SDKs used by Guard Provider include those of the antivirus vendors Avast, AVL and Tencent. Antivirus updates are downloaded without a secure connection; this allows the attacker to intercept them and, by combining several techniques on the various SDKs, to inject their own code.
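As an added illustration (not code from Guard Provider, its SDKs or the researchers), the following shows the acceptance check an update client needs so that an update altered on a shared network is refused: both the manifest and the package must arrive over HTTPS, and the package must match the manifest digest. The URLs, the manifest layout and all function names are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


class UpdateRejected(Exception):
    """Raised when an update must not be applied."""


def require_https(url: str) -> None:
    # Cleartext HTTP lets anyone on the same Wi-Fi network alter the response.
    if urlsplit(url).scheme.lower() != "https":
        raise UpdateRejected(f"cleartext transport refused: {url}")


def accept_update(manifest_url, manifest, package_url, package: bytes) -> bytes:
    """Return the package bytes only if transport and integrity checks pass."""
    # A digest fetched over HTTP can be rewritten together with the package,
    # so the manifest's own transport is checked before its content is trusted.
    require_https(manifest_url)
    require_https(package_url)
    expected = str(manifest.get("sha256", "")).lower()
    actual = hashlib.sha256(package).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise UpdateRejected("package digest does not match manifest")
    return package


def decision(manifest_url, manifest, package_url, package: bytes) -> str:
    """Human-readable outcome, convenient for logging."""
    try:
        accept_update(manifest_url, manifest, package_url, package)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected: {exc}"


# Constructed sample data (hypothetical host and file names).
GENUINE = b"constructed antivirus database, version 2"
TAMPERED = b"constructed database altered in transit"
MANIFEST = {"sha256": hashlib.sha256(GENUINE).hexdigest()}
FORGED_MANIFEST = {"sha256": hashlib.sha256(TAMPERED).hexdigest()}
HTTPS_M = "https://updates.example.invalid/manifest.json"
HTTPS_P = "https://updates.example.invalid/db.zip"
HTTP_M = "http://updates.example.invalid/manifest.json"
HTTP_P = "http://updates.example.invalid/db.zip"
```

In a deployed updater the manifest would also carry a publisher signature verified against a key shipped with the application; that step is left out here.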

The situation is a bit ironic, since Xiaomi added Guard Provider to protect the phone against attacks and, like most preinstalled applications, it cannot be removed. The researchers warned the manufacturer before publishing their results, and it has since released an update to correct the flaw.