Vulnerabilities in Xiaomi's mobile payment mechanism could allow forged transactions and thus harm users. The security agency Check Point analyzed the problem and found a lot of flaws in some Android devices.
Check Point Research (CPR) analyzed the payment system built into Xiaomi smartphones powered by MediaTek chips. The security agency found warning signs that the company mentioned and shared with them, while not only did it inform informature.
Check Point detected vulnerabilities in Xiaomi's smartphones.
Indeed, there were vulnerabilities that could allow payments to be forged and the payment system to be disabled, all from an Android app without any relevant permissions. However, the team in question collaborated with Xiaomi, which recognized the vulnerabilities and released patches for them.
At issue were vulnerabilities in Xiaomi's payment software. These vulnerabilities primarily affect smartphones with MediaTek processors. However, according to the reports made by Check Point Research, the threat was reduced outside China.
With mobile payments becoming increasingly popular across the world, they are increasingly targeted by crooks. These are systems that most smartphone users already use daily and comfortably, without doubts or uncertainties.
For Chinese smartphones with MediaTek chips, the move was directed towards China.
According to the report released by CPR (Mobile) researchers, the threat may affect the payment system built into Xiaomi smartphones powered by MediaTek chips. These are highly popular, more affordable models in China and elsewhere.
During these analyses, vulnerabilities were discovered that could allow payment packages to be forged. They could also allow the payment system to be disabled directly from an unprivileged Android application.
If the TEE is safe, so are your payments.
The trusted execution environment (TEE) has been an integral part of mobile devices for many years. Its purpose is to process and store sensitive security information, such as keys and fingerprint information.
Since mobile payment signatures are performed in the TEE, we assume that it is secure and that your payments are too.
The Asian market, which is represented mostly by smartphones based on MediaTek chips, hasn't yet been widely explored. Nobody is examining trusted apps written by device vendors like Xiaomi. It's ok that security and mobile payments are in full.
According to CPR, this is the first time that Xiaomi's trusted apps are being examined for security reasons.
We focused on the trusted apps of MediaTek devices. The device used is the Xiaomi Redmi Note 9T 5G, with the Android operating system and the MIUI Global 12.5.6.0 interface. CPR is missing.
Conclusion
In the course of this investigation, the platform embedded in smartphones of Xiaomi, and used by millions of users in China for mobile payments. and forge payment packages. After disclosure and collaboration with partners, this vulnerability was fixed by the company in June 2022. In addition, they showed how, in terms of the deterioration in the TEE (Midi) can protect the old version of the WeChat application against the pirate to steal their own keys. Xiaomi has re-discovered this vulnerability and developed it after sharing it with anyone. The issue of declassification, that Xiaomi confirmed a third-party vendor was a firm, is being resolved soon.