DOZENS of security vulnerabilities have been discovered on Xiaomi devices, a cyber firm has warned.
for newcomers to history, this has been since 1882 on US soil with their ‘Chinese Exclusion Act’
let this sink in, Chinese were originally traders during their mass migration, then got stepwise forced & relegated to laundry …because at that time, it was literally back breaking work thus borderline slavery
Most people don’t care too much about security to do anything, most people will just install any play store app and give it every permission possible if it asks
Fuck The Sun
I’d assume that most people would remove the Xiaomi apps and use others anyway.
I mean, what kind of person would use Mi Video outside of China, it’s a complete shed of an app.
The Sun is not a great source of technical info and will put a china = bad slant on things. The bugs are not just about Xiaomi collecting data, they are legit security issues too which would allow 3rd party apps to get access to data they shouldn’t.
Actual details here:
https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/
I’ll be checking for updates more often then…
Sorry to hear about that. I have my Poco M5 for around 6 months now, and from Android 12 when I bought it, I’ve been so far updated to Android 14 (HyperOS).
I had the same problem but with my Poco F5 Pro but then I found this post here on reddit, followed the steps in it and now I have HyperOs.
[https://www.reddit.com/r/PocoPhones/comments/1b1esnt/psa_poco_f5_pro_owners_stuck_in_14050_you_can/](https://www.reddit.com/r/PocoPhones/comments/1b1esnt/psa_poco_f5_pro_owners_stuck_in_14050_you_can/)
Edit: My Poco is global version, I don’t know if the steps in the post will work for non global version phones
Simple Gallery isn’t FOSS anymore. That dev team started new project after selling that one. New one is Fossify. Fossify Gallery on F-Droid
😞
Lineage OS goes brrrrrr…..
If you read the original report it is scaremongering. There are no threats that don’t exist in other brands. For example, the WiFi stack gives away location, something that Google has been doing for years to improve location accuracy.
Likewise Xiaomi changed the address of the servers connected to by certain apps from the default Android one. Well of course they’re going to not use Google’s servers.
None of the other threats can be achieved without someone getting hold of your phone and installing additional apps or code on it.
And really if someone has the opportunity to use your phone or connect via adb using usb, then these issues are really the least of your worries.
It’s scaremongering shite, ending on a sales pitch.
And really I’d be surprised if most people used the Mi Gallery above alternatives like Google Photos, which rendered most of it null and void.
Also I’m equally worried about Google scanning every photo I own or reading all my emails to train large language models for AI. This notion of Google=Good, China=Bad is latent racism to my mind.
Oh no! Anyways.
I’m using custom ROMs so I’m way safer.
lousy phone. all their native apps are retardded too
When I looked at the title I was interested in reading this, until I noticed it’s from the sun, this is the same newspaper that has constant fake news or complete misinformation.
Maybe not exactly fake, but misinformation more or so.
‘Merica! 🤣🤣🤣
I’m not sure we agree that people are giving information willingly. I’m not sure I ever wanted to share information about me to a company but yet they have a lot. 95% is in some extremely shady way that I don’t even know about or it’s a literal blackmail: if you want to use x you have to agree to give information. Pretty much definition of a blackmail. And it might be that all of that information will end up doing some good. It might train AI or some of it will end up improving products. I think that the logic goes like this. If all goes well it will end well. And there is a good chance it will be like that. In a small chance that circumstances arise where strong entities need any type of control, leverage or power over you it will be used for that. In other words if everything continues to be roses we are good. If some sort of global conflict / totalitarian government arises it will be used as a metaphorical weapon.
Excuse you, I’m pretty sure you are either talking about Apple or Huawei. Yeah, Xiaomi is far from the best, but in the affordable category they are still the least garbage.
You don’t buy Xiaomi if you have security in mind lol
Oo I think we’re gonna be able to oem unlock the phones soon
The fact remains that Xiaomi delays security updates if you are in the USA. That right there is the smoking gun as to why you shouldn’t buy their junk.
So I need to know how to and what to install, which 99% of the people either don’t know or will not do. So he’s not really scaremongering shite. He is just spreading awareness. And because “everybody does it” doesn’t mean we should be okay with it. With every brand. Ever.
I don’t think a regular user will be able to remove the Xiaomi apps. They come with the system and are installed in the system partition so to get rid of them one needs root or similar hacking methods.
The average IQ of thesun.co.uk reader is either below average intelligence or near genius (for entertainment value)
Yeah it’s just attention bait. It’s for people that already are against china to reinforce their beliefs.
It’s not even that, they say things like the Xiaomi Gallery collects data, like Google Photos doesn’t. Pathetic reporting.
Edit: spelling
Same here
More likely hundreds of bugs that Xiaomi is not planning to fix or not fixing at all
I agree with you, Apple has made a mush with their consumers’ brains with their “privacy” pep talk.
But if the threat model involves someone connecting your phone by USB or handling it, able to unlock it. Then it literally is scaremongering as that’s the least of your problems.
If you read the full report up to their sales pitch there’s no threat possible. How hard is that to understand.
Likewise people give away information all the time for convenience, the best example is letting Google read your emails to automatically add calendar events or apps polling WiFi for more accurate location. People make that choice, Google already knows where you are all the time but it’s not necessarily a bloody threat is it?
It has nothing to do with Chinese people. This is about the Chinese communist party. They have openly admitted that they want to dominate the United States. The only idiots here are people who don’t realize what the United States might be like and what your comfortable little life might be when the value of the US Dollar is decreased. The Chinese government, not the Chinese people, as well as Russia, Iran, and North Korea, all look for any means possible to steal intellectual data from the United States. They’ve been doing it for years. It’s not a controversy, it’s not a conspiracy theory, it’s not racism. And you are absolutely right about Google. The difference is what they do with the information.
My Xiaomi Pad 6 is stuck on January’s patch and the Poco F5 is still running MIUI 14 because it’s somehow not getting HyperOS still, even though I literally bought it from a Xiaomi store *sigh*
Yes, I got that.
In my experience it’s somewhat “smoother” than MIUI, since it’s dealing with background apps better therefore leaving more memory available…
They don’t even sell in the USA.
Yeah, this too. 💀
>Settings
broo…how we can control smartphone without setting ?
None of the threats can be achieved without someone handling your phone, connecting to it by USB…or if you install apps or code from unknown sources so yeah it’s scaremongering.
You had a bad experience now you want to cry to the community who have had pleasant experience, sorry to tell you but you’re not the main character, you should probably go comment on something you enjoy.
You might be the guy to ask so 😁
I’m looking at buying the redmi k70 pro, without custom ROM will services like Google wallet etc. work in Europe?
I’ve heard conflicting statements about this with Asia exclusive phones.
Probably best to run a custom ROM anyway is it?
Not only Xiaomi, I’ve seen an article (Forbes I think) that stated that Google Pixel has some of them too, reported from the last year, but only Xiaomi took action when they got reported, unlike Google that ignored them for a year
I don’t know if there used to be a correlation or not because I recently owned a Xiaomi but somehow not even the first week the scammers are looking for loopholes to scam you
It’s best to run a custom ROM.
Check the XDA Dev Forums, some official ROMs maintained by the project devs pass SafetyNet by default.
HyperOS is shit, just like MIUI, their gimmicks work but the core functions are glitchy.
Unfortunately I’ve now read the whole post and all “vulnerabilities” would require access to the phone and installing apps on it in some way.
Certain vulnerabilities such as WiFi leaking location are standard practice by Google in order to improve location by polling WiFi networks and knowing their address.
Moral of the story is don’t give your phone to strangers, don’t install apps from unknown sources, use your own charging cable, and you’ll be fine.
There is an element in this that’s just a sales pitch masquerading as security post:
“If you want to enhance your mobile app’s security, explore Oversecured for comprehensive vulnerability scanning. Contact us to learn more or arrange a demo.”
Thanks for the link to a proper post and not The Sun though, interesting read.
OH NO! i buy iphone now
You probably didn’t read my message. So to reiterate: it doesn’t matter if someone else does it or everybody does it. I don’t care. Sharing awareness that a brand does it can only be positive and we shouldn’t act or react negatively towards it. The “Google also does it” as an excuse is the least productive reaction to the whole problem. And might be one of the reasons why we have it in the first place. Nobody should do that. And every single company should be punished for it. And if Xiaomi sales drop because of that maybe they will stop doing it and become the first company that doesn’t do that. So singling out one company and forcing it to act respectfully towards its customers could be a first stepping stone towards everybody else following suit. So “everybody does it” is the absolute worst reaction that anybody can have and is only holding us back.
Lol say this when you would experience the crap
Thanks for the heads up, I’ll change it now 👍
Updates? Xiaomi is the one providing you the updates… Unless you don’t care about it, or change your phone to another brand (non-Chinese) there is no escape.
I think they mean OS vulnerability. Good luck replacing that.
you don’t buy any phone for security tbh
The sun should explode
There’s not a subreddit called r/degoogle for no reason.
An easy fix if not using Gmail, or as many Google apps as possible. The only one I can’t leave is Maps as the use of live traffic conditions for route planning works so damn well.
I saw another article about I think an Amazon app, where they were rubbishing it as a privacy threat, and it required fewer privacy permissions than the Google equivalent, but somehow we all think Google are the good guys.
I agree it’s such a normal thing it’s criminal how almost nobody talks about it
The article is pretty shit, but people should’ve dug deeper.
https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/
I have a Xiaomi phone that’s 8 months behind in updates. And it got released 12 months ago. You don’t buy a Xiaomi phone expecting any kind of decent security features.
After the propaganda about Huawei, I don’t believe anything. Xiaomi could be their next target as another inconvenient US competitor..
What rubbish, the data collection described in the Xiaomi apps is exactly what you would find in any Google app.
If you don’t think Google Photos accesses your photos metadata, location and files then you’re an idiot. The only thing here is a slightly racist China is bad undercurrent.
Furthermore you can disable all the permissions in permission manager and in my case uninstall the apps, using FOSS apps like Simple Gallery instead.
Scaremongering shite.
I was right to worry about Poco F4 and his outdated security patch from mid 2023
https://www.reddit.com/r/Xiaomi/s/665BD369fO
I had posted previously it is the worst company and worst phones ever. Don’t buy crap.
I don’t even think I have an emergency contact in my phone – which is one of the vulnerabilities – also I don’t use a lot of stock software – but even so if someone knows I connect to some Bluetooth headphones it’s hardly a big deal.
They don’t? What 💀🤣
What kind of scammers?
> I’d assume that most people would remove the Xiaomi apps and use others anyway.
That’s absolutely not the case for MOST people. Most people just use the phone and either ignore the app, or swipe away the ads these apps present, being annoyed and doing nothing to fix it.
That’s why adding all those crap apps is so effective for ad companies.
Most Xiaomi models aren’t even officially supported though, and unofficial releases lose support quite quickly 🙁 my Pad 6 doesn’t even support any custom ROMs at all from what I’ve seen.
Custom ROM maybe?
Advice from a professional.
Amen
I thought the most acceptable racism was something else because I’ve seen an uptick in attitudes against racism against Asians in general.
The truth is I don’t know how they got my personal info, but the scammers got into my account, made a fake payment and said they were legit. I lost money, don’t know if I get it back, made police report, called Spectrum. They posed as Spectrum. But I think it’s something to do with these Chinese phones. I’m just not buying Chinese smartphones, that’s it. I’m really pissed, I lost a thousand dollars and I might or might not get it back, and I’m pissed till this day
China Bad is how you get clicks. Racism against Chinese is also the most acceptable racism in the West.
I’m using “DuckDuckGo” a free web browser with App Tracking Protection…
For anyone who is not familiar with the UK, the newspaper and website “The Sun” is not exactly the peak of journalism and technical reporting.
I’m using HyperOS (upgrade from MIUI), so I guess updates will come automatically…
HyperOS is just a re-skin of MIUI though.
I’m not buying Xiaomi because I was scammed recently, but if you trust them, great. I’m sticking with Samsung, and Xiaomi takes forever to update in the USA. That is never good if you are concerned about having the fastest security updates. Google and Samsung are the best in that area
The sun is a load of rubbish btw.
Oh, yummy
“Worst phones ever” . Sounds like you have done lots of research.