Xiaomi’s phones had a security flaw preinstalled on millions of devices – CNET
cnet..usa … ask Apple ))
They patched it though I got an update today. I’m surprised this isn’t on more phones, Xiaomi was first with security app, then others copied it (or did it right!).
What do you need a ‘security’ app for?
Clearly for a ‘security’ flaw /s
Original is here:
https://research.checkpoint.com/vulnerability-in-xiaomi-pre-installed-security-app/
And that’s why I flashed LOS. Can’t trust an OS that is shipped with apps like Clean master by Cheetah Mobile. This breach seems to have been worse than that.
So do Samsung phones, it’s called Facebook.
Does this just affect MIUI or all
The odds of a MITM attack that changes the malware list happening to you and then getting the malware that was removed have got to be pretty low, though. I don’t see why someone would do this MITM attack if they don’t have a way to install their malware.
That’s why I use custom ROMs on my Redmi 5.
But sometimes you can get it unlocked in 72 hours.
Updates to a root-level app over fucking HTTP. Wonder what other stupidity could be hidden inside Xiaomis.
Actually the same happened to me. 2 whole weeks 🙁
They don’t need to. They just need to be on the same wireless network. They could push malware to your Xiaomi phone as they have root level access.
MIUI.
It has more to do that they have purposely harebrained security. Root-level updates over HTTP? These guys are fucking insane. This is why I flash custom ROMs.
Phew
Big corp., around reddit known for selling to the Chinese government, that’s like bad^2
It’s not only the corps. ANYONE on the same wifi network has remote root access by virtue of installing an unencrypted payload.
Yeah, only Lineage I trust.
Flashed OS?
Lol
By how?
By giving you your IMEI number and other network details to Xiaomi servers, to do what, just to unlock a bootloader.
You have to make an ID on Xiaomi to unlock it which transmits a hell lot of data before you can wipe MIUI
It looks like it needs to be checking for an update at the same time.
So defensive.
I like it.
Fuck me
In the article, “Xiaomi is already fixed it” so yes... at least the company is moving
This comment has been edited in protest to reddit’s decision to bully 3rd party apps into closure.
Yeah it’s not exactly rocket science. Don’t use the phone as your personal device before unlocking it, and if you really care about your network etc, don’t use your home network ip to register and unlock the phone. You can even use a virtual machine to unlock it.
Took my post from r/Android because I really would like to know:
The article says Xiaomi has fixed the problem by releasing a patch ‘shortly after’. But it doesn’t state when they told Xiaomi of this, so I am wondering in what update this has been fixed. Does anyone know?
In one changelog of a weekly I found:
**Security center**
Fix -Repairing the risk copy during the virus scanning process will restart the scanning
This doesn’t really seem to be related to the issue. Anyone any idea?
That’s because you bought a Redmi Note 3 Pro. Don’t blame your poor experience on the company, you bought a cheap phone and got a cheap phone experience.
And now this…. From today !
https://t.me/thehackernews/253
No it’s more than that, for government officials and medical buildings, if they have Wi-Fi pretty much they’re pretty easy to crack so what that means is that if you are somebody who is doing sensitive work like at a university research lab or anything similar, then somebody could be outside the building and hack you. Now you might not think it’s a big thing but given how big corporate espionage is against other companies and given how medical data has been stolen left and right as of recent, this is actually a bad thing because while you may not think you are interesting, the data you have is pretty good for mapping out metadata and other things that we could use to our advantage.
You say that like Apple didn’t release the iPhone 6 AND 6S, knowing they were 10x more susceptible to bending than the 5s. Only one of Xiaomi’s phones had a serious bending issue, and the next generation was built much better. Apple just ignored the issue until the 7.
Yes, [it did.](https://youtu.be/Ve4sejMLkUw) Just not to the same extent.
You say that as if Apple even cares about your privacy. Samsung too. Even they’ve sold out to Cheetah’s Spyware.
All my pics are infected from it, it’s a nightmare