Priya Patel
TLDR:
- Researchers have found 20 vulnerabilities in Xiaomi apps on their smartphones.
- Users are urged to update their devices to protect against potential hacking threats.
Researchers have uncovered 20 vulnerabilities in Xiaomi apps that could allow hackers to steal passwords and compromise social media accounts. The flaws, related to Xiaomi’s deployment of Google’s Android operating system, have been fixed by the company. Although the weaknesses were not believed to have been exploited by malicious hackers, users are encouraged to update their phones as soon as possible. The vulnerabilities, which affected a range of software running on Xiaomi devices, could grant attackers “system privileges,” potentially leading to theft of user passwords and access to private user files. Oversecured, the mobile security startup that discovered the flaws, disclosed them to Xiaomi, which remediated the vulnerabilities within a week.
While Xiaomi confirmed that all vulnerabilities have been patched, experts suggest that the company should invest more resources in the security of its devices. By offering larger rewards to hackers through its bug bounty program, Xiaomi could potentially avoid significant security issues in the future. Currently, Xiaomi’s payouts to hackers are significantly lower than those of Google, which paid out $3.4 million to Android security researchers in 2023. The company has stated it has an industry-leading security team and is working with Google and HackerOne to build secure Android systems.
