Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Vulnerabilities in Xiaomi Phones could have led Hackers to Forge Payments


By MYBRANDBOOK


Vulnerabilities in Xiaomi Phones could have led Hackers to Forge Payments

Check Point Research (CPR) identified vulnerabilities in Xiaomi’s mobile payment mechanism. Left unpatched, an attacker could steal private keys used to sign Wechat Pay control and payment packages. Worst case, an unprivileged Android app could have created and signed a fake payment package.

 

Vulnerabilities were found in Xiaomi's Trusted Environment

Over 1 billion users could have been affected

Xiaomi acknowledged and fixed the security flaws

 

Check Point Research (CPR) identified vulnerabilities in Xiaomi’s mobile payment mechanism. Left unpatched, an attacker could steal private keys used to sign Wechat Pay control and payment packages. In the worst case, an unprivileged Android app could have created and signed a fake payment package.

 

Specifically, the vulnerabilities were found in Xiaomi's Trusted Environment, which is responsible for storing and managing sensitive information such as keys and passwords. The devices studied by CPR were powered by MediaTek chips.

 

Two Attack Paths

CPR discovered two ways to attack the trusted code:

From an unprivileged Android app: The user installs a malicious application and launches it. The app extracts the keys and sends a fake payment packet to steal the money.

 

If the attacker has the target devices in their hands: The attacker rootes the device, then downgrades the trust environment, and then runs the code to create a fake payment package without an application.

 

Responsible Disclosure

CPR responsibly disclosed its findings to Xiaomi. Xiaomi acknowledged and issued fixes.

Quote: Slava Makkaveev, Security Researcher at Check Point:

“We discovered a set of vulnerabilities that could allow forging of payment packages or disabling the payment system directly, from an unprivileged Android application. We were able to hack into WeChat Pay and implemented a fully worked proof of concept. Our study marks the first time Xiaomi's trusted applications are being reviewed for security issues.

 

We immediately disclosed our findings to Xiaomi, who worked swiftly to issue a fix. Our message to the public is to constantly make sure your phones are updated to the latest version provided by the manufacturer. If even mobile payments are not secure, then what is?”
 BREAKING NEWS  BREAKING NEWS
Cisco announces AI-native secure Wi-Fi 7 for future-ready employe

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

 TECHNO TRENDS  Placeholder image
Nazara and ONDC set to transform in-game monetization with ‘

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Eloelo teams up with Elvish Yadav for India's biggest digital

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
 MOVERS & SHAKERS  Placeholder image
Kamal Nath quits SIFY Technologies

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this
 OPEN YOUR EYES  Placeholder image

Technology empowering people stay connected in un-touch world
A question arises on how would be the future of the workplace?
The disruption in the technology demands to ensure business continuity
Urgency In Refuelling Digital Transformation For Customizing Needs
How Work From Home Brings Various Security Challenges
 INTERVIEWS  Placeholder image
Cisco building a trusted and resilient future for the nation

Cisco building a trusted and resilient future for the nation

Autodesk continually pushing the boundaries in the Design and

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte
Delivering Critical Business Communication Solutions to Enterp

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than
 HOT PICK  Placeholder image
BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
 MAKE IN INDIA BRANDS   Placeholder image
SAMRIDDHI AUTOMATIONS PVT. LTD.

SAMRIDDHI AUTOMATIONS PVT. LTD.


TVS ELECTRONICS LTD.

TVS ELECTRONICS LTD.


VVDN TECHNOLOGIES

VVDN TECHNOLOGIES


TALLY SOLUTIONS PVT. LTD.

TALLY SOLUTIONS PVT. LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

STRATEGIC FRAMEWORK FOR SUSTAINABLE BUSINESS EXPANSION IS PATHWAY TO PROSPERITY

Accelerate the adoption of AI and machine learning...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

 ICONS OF INDIA  Placeholder image

ICONS OF INDIA : SRIDHAR VEMBU

Sridhar Vembu is the chief executive officer (CEO) of Zoho Corporation...

Icons Of India : AMIT CHADHA

Amit Chadha serves as the CEO and Managing Director of L&T Technology ...

Icons Of India : Dr. Arvind Gupta

Arvind Gupta is the Head and Co-Founder of the Digital India Foundatio...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Enhanced Skills & Expertise helping to better serve customers and stay ahead of the curve

Feedback Forms: Conducting surveys and collecting feedback from customers is a...

Fostering Positive Relationships and Enhancing Customer Satisfaction

Bloom Electronics’ data-driven insights for strategic brand decision and bra...

Investing in Innovation and Maintaining High Service Standards To Fortify its Brand Position

The rise of digital technology and cloud computing is a huge growth driver for...

 PSU  Placeholder image

GSTN - Goods and Services Tax Network

GSTN provides shared IT infrastructure and service to both central and...

RailTel Corporation of India Limited 

RailTel is a leading telecommunications infrastructure provider in Ind...

IOCL - Indian Oil Corporation Ltd.  

IOCL is India’s largest oil refining and marketing company ...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024 : Oracle Corporation 

Oracle focuses on secure enterprise software, and cloud solutions to build str...

Most Trusted Brands 2024 : AMD 

Advanced Micro Devices (AMD) has been a key player in the semiconductor indust...

Most Trusted Brands 2024: Nvidia Corporation

NVIDIA, founded in 1993, has evolved significantly over the years. Initially k...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip

Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...

Indian Tech Talent Excelling The Tech World - JAYASHREE ULLAL, President and CEO - Arista Network

Jayshree V. Ullal is a British-American billionaire businesswoman, ser...

 STARNITE AWARDS 2024  
 ITFORUM 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

HCLTech launches suite of technology solutions for 5G and beyond

HCLTech launches suite of technology solutions for 5G and beyond

23% of organizations are planning to use quantum technologies

23% of organizations are planning to use quantum technologies

Growing acceptance of TikTok, worries Facebook and Youtube

Growing acceptance of TikTok, worries Facebook and Youtube

Apple iPhone entering the market with aggressive pricing strategy

Apple iPhone entering the market with aggressive pricing strategy

 UNICORNS REVOLUTIONISING Placeholder image

Blink Commerce Private Limited

Blink Commerce Private Limited

MOGLI LABS PRIVATE LIMITED

MOGLI LABS PRIVATE LIMITED

Mensa Brands Technologies Private Limited

Mensa Brands Technologies Private Limited

Dreamplug Technologies Pvt Ltd.

Dreamplug Technologies Pvt Ltd.


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW