Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

Wed, 17 Aug 2022 21:13:00 Dan

Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices.

Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution Environment (TEE).

A TEE refers to a secure enclave inside the main processor that's used to process and store sensitive information such as cryptographic keys so as to ensure confidentiality and integrity.

Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant.

"Therefore, an attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps by downgrading them to unpatched versions," Check Point researcher Slava Makkaveev said in a report shared with The Hacker News.
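The downgrade issue described above comes down to a loader that verifies a trusted app's signature but not its version, so an older, validly signed build is still accepted. The following is an added example, not code from Check Point, Xiaomi or MediaTek: the image layout, the `TrustedAppLoader` class and the key are hypothetical, and HMAC-SHA256 stands in for the vendor's real signature scheme.

```python
import hashlib
import hmac
import struct

# Hypothetical image layout (not the Kinibi format):
#   4-byte big-endian version || payload || 32-byte HMAC-SHA256 tag
VENDOR_KEY = b"constructed-demo-key"  # stand-in for the vendor signing key

def sign_image(version: int, payload: bytes) -> bytes:
    body = struct.pack(">I", version) + payload
    return body + hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()

class TrustedAppLoader:
    def __init__(self, enforce_rollback: bool):
        self.enforce_rollback = enforce_rollback
        # Highest version accepted per app; on a device this would live in
        # tamper-resistant storage (e.g. a monotonic counter).
        self.min_version = {}

    def load(self, name: str, image: bytes) -> int:
        if len(image) < 36:
            raise ValueError("truncated image")
        body, tag = image[:-32], image[-32:]
        expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("bad signature")
        version = struct.unpack(">I", body[:4])[0]
        if self.enforce_rollback:
            floor = self.min_version.get(name, 0)
            if version < floor:
                raise PermissionError(f"rollback: v{version} < v{floor}")
            self.min_version[name] = version  # version >= floor here
        return version

def try_load(loader: TrustedAppLoader, name: str, image: bytes) -> str:
    try:
        return f"loaded v{loader.load(name, image)}"
    except (PermissionError, ValueError) as exc:
        return f"rejected ({exc})"

# Constructed sample images: both carry a valid tag, only the version differs.
OLD = sign_image(1, b"payment app, unpatched build")
NEW = sign_image(2, b"payment app, patched build")

def demo() -> dict:
    results = {}
    for label, enforce in (("signature only", False), ("version floor", True)):
        loader = TrustedAppLoader(enforce)
        results[label] = [try_load(loader, "payment", NEW),
                          try_load(loader, "payment", OLD)]
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

With signature checking alone, the older build loads after the newer one; with the version floor, the same image is refused even though its signature is valid.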

More at https://thehackernews.com/2022/08/xiaomi-phones-with-mediatek-chips-found.html

About the author


Dan


I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable), so that everyone can see what happens behind the scenes while we use our electronic devices every day.