CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

Xiaome Mi4 Detected with Preinstalled Malware

Table of Contents

Bluebox, a
mobile-security firm has discovered preinstalled malware and a host
of other security issues with Xiaomi Mi 4 device. It seems that
mobile device has been tampered by an unidentified third party.


Bluebox
seeked to contact Xiaomi but did not get any response. Using some
antivirus scanners, Bluebox detected that there were at least six
suspicious apps were installed in the phone.


Xiaomi Mi4 Detected with pre installed malware
One of the
applications was Yt Service which fills the device with invasive ads
which tricks the phone into thinking that it comes directly from
Google, which would
likely reduce user’s fears about the program.


The
researcher also found risky software which was classified as Trojan
that disguises itself as a verified Google application and
allows hackers to hijack the phone. 

P { margin-bottom: 0.08in; }

The
device was further tested for further vulnerabilities. Andrew Blaich,
Bluebox’s lead security analyst said that Mi 4’s operating
system is a non-certified version of Android and is
therefore subject to a number of flaws. Some of the bugs
and security issues were discovered to be specific to
old Android software, not its current release, leading them to
believe that the OS was a mashup between the new
KitKat 4.4.4. and an older form of Android.

The
vulnerabilities may exist due to the reason that smartphone uses
Xiaomi’s own open-source MIUI build of Android, which has not been
certified by Google. Android is actually open-source Linux software,
and anyone can take the stock Android image and build on it.

The result
is that the Xiaomi Mi4 is an exploitable jumble of two different
versions of Android, KitKat and Jelly Bean, and is hostilely
vulnerable to security faults from each. 
The analysis
of the signatures of the apps creates a suspicion that the device may
have been tempered because the signatures seem to differ from
the manufacturer’s signing key.

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training