Security vulnerabilities found Xiaomi phones could allow authorized mobile payment scams on Chinese branded devicesaffects at least 1 billion users. They were spotted by researchers at Check Point Research (CPR), according to a statement released Monday.
According to the company specializing in cybersecurity, the flaws were present in smartphones manufactured by the Chinese giant. Powered by MediaTek processors. The errors affected the devices Trusted Execution Environment (TEE), which is responsible for processing and storing sensitive information such as cryptographic keys and fingerprints.
By exploiting such loopholes using a malicious application, cybercriminals will have a chance to steal keys, passwords and other financial data stored in TEE and create fake payment packages on platforms such as: WeChat Payment, It is very popular in China. From there, it will be possible to make fraudulent transfers to any account.
Another possibility that experts have pointed out is, downgrade attack, reversing the environment of trust as cybercriminals replace newer, better-enhanced apps with older, unprotected versions, ignoring fixes by Xiaomi and Mediatek. They would be able to create fake packets by exploiting the vulnerabilities.
problem solved
According to CPR, one of the loopholes found completely compromises the Tencent Soter mobile payment framework, which is used to authenticate payment package transfers on Xiaomi mobile phones and on which WeChat Pay is based. WeChat digital wallet and Alipayof the AliExpressThey are China’s largest digital payment operators.
Warning about security vulnerabilities in the mobile phones it produces, Xiaomi has released a patch to fix the errors detected by experts. The build was made available for manufacturer-affected models in June, with some reportedly being sold in Brazil.
There are no reports of these vulnerabilities in Chinese branded phones being exploited by cybercriminals, at least so far. However, it is essential to keep devices updated with the latest packages to further protect against cyberattacks, scams and scams.
Source: Tec Mundo
