Xiaomi Phone Bug Enables Theft

Making payments from mobile devices makes it possible for a malicious app to steal money from your digital wallet. Now smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, has reported that it has patched a high-severity flaw in the “trusted environment” it uses to store payment data, a flaw that left some of its handsets open to attack.

In a recently released report, Check Point researchers revealed that a flaw in smartphone maker Xiaomi's operating software could allow attackers to disable, replicate and even forge mobile transactions.

The company has now patched the vulnerability, which was contained in the part of the operating system used to store user payment data. If exploited, the flaw would have allowed attackers to hijack the mobile payment system, potentially leading to forged transactions initiated by the attacker.

The potential pool of victims is huge, considering the popularity of Xiaomi smartphones, and exploitation could be incredibly disruptive to consumers.

Check Point’s study marks the first time that Xiaomi’s trusted applications have been found to contain security issues. All users should apply the patch immediately by updating their software, so that their systems are up to date.

Sources: Check Point, Threatpost, Oodaloop, TechRadar, VPNOverview
