• Latest
  • All
  • How To
Multiple Vulnerabilities in Xiaomi Devices Pose Threat to All Users

Multiple Vulnerabilities in Xiaomi Devices Pose Threat to All Users

May 15, 2024
Communications Authority ranked by ITU as best in Africa ICT regulations

Media Blackout: Communications Authority Orders Halt to Live Protest Coverage

June 25, 2025
social media protests Kenya

#SiriNiNumbers: Gen Z-Led Protests Dominate Kenyan Streets and Social Media

June 25, 2025
How to Secure Your Phone and Yourself During Protests

How to Secure Your Phone (and Yourself) During Protests

June 25, 2025
xiaomi

Xiaomi June 26 Mega Launch: From EVs to Foldables

June 24, 2025
DHgate Tablet Cases deals
All-Screen-iPhone-2027-Apple

Apple Reportedly Working on an All-Screen iPhone

June 24, 2025
Unified Payment Interface

CBK’s New Fast Payment System Plan Could Rival M-Pesa

June 24, 2025
Starlink

Starlink Resumes Sign-Ups in Nairobi After 7-Month Freeze

June 24, 2025
ASUS ROG Flow Z13

ASUS ROG Flow Z13 Proves Portability and Power Can Coexist

June 24, 2025
Infinix InBook Air

Infinix InBook Air Review: Perfect Laptop for Students and Simple Workflows

spotify-mobile

Spotify Lossless HiFi Update Nears Reality After Years of Delay

June 23, 2025
whatsapp

WhatsApp Is Testing a New AI Tool To Help Users Write Texts

June 23, 2025
SHIF Status

How to Check Your SHIF Status in Kenya: A Complete Guide

June 23, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Multiple Vulnerabilities in Xiaomi Devices Pose Threat to All Users

ElvyLewis Ndungu by ElvyLewis Ndungu
May 15, 2024
in News
Reading Time: 3 mins read
318
0

Security researchers have found 20 dangerous vulnerabilities affecting various apps and system components within Xiaomi mobile devices. Some of the security flaws reported could allow the theft of arbitrary files, and leak information about connected networks and emergency contacts.

“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, disclosure of phone, settings, and Xiaomi account data, and other vulnerabilities.” Security researchers from OverSecured wrote in their report.

Related: Security Checklist for Your Android Smartphone

Some of the applications and system components were even found to contain more than one security flaw.

Components and applications affected

Researchers were able to scan and find vulnerabilities in components such as:

  • Security app (com.miui.securitycenter) – Vulnerability in this application could give an attacker system privileges. This would allow an attacker to get access to arbitrary activities of all applications installed on a user’s device.
  • Settings (com.android.settings) – This component had various vulnerabilities. One flaw could leak information about Bluetooth devices, connected Wi-Fi networks, Xiaomi account details, and filtered phone numbers. Another security flaw in this application could give an attacker system permission to read device files.
  • GetApps (com.xiaomi.mipicks) – Exploiting a security flaw in this component could lead to memory corruption. This vulnerability comes from the LiveEventBus library and was reported more than a year ago. However, no updates to the library are available as of yet.
  • MIUI Bluetooth (com.xiaomi.bluetooth) – A security flaw in this application could enable theft of arbitrary files and also leak bluetooth data.
  • Security core component (com.miui.securitycore) – A vulnerability within this component could allow an attacker to change device settings.
  • Phone services (com.android.phone) – A flaw could expose telephony data.
  • System Tracing (com.android.traceur) – This component was found to contain a shell command injection bug.

Other apps and components impacted include:

  • MI Video (com.miui.videoplayer)
  • Gallery (com.miui.gallery)
  • Print Spooler (com.android.printspooler)
  • Xiaomi Cloud (com.miui.cloudservices)
  • ShareMe (com.xiaomi.midrop)

The security flaws in Xiaomi mobile devices are a result of various modifications to legitimate Android Open Source Project (AOSP) components. These components include Settings, System Tracing, and Phone Services. Manufacturers usually modify these components to allow for additional functionality.

Most of these vulnerabilities have already been patched and it’s recommended you install the latest security updates available if you use a Xiaomi device.

Tags: Xiaomi
SendShare178Tweet112
ElvyLewis Ndungu

ElvyLewis Ndungu

Just a guy who loves to code and has a passion for storytelling | Bringing you the latest on all things tech. You can reach me via [email protected] or on Twitter.

Related Posts

xiaomi

Xiaomi June 26 Mega Launch: From EVs to Foldables

June 24, 2025
Apple Event

Apple Becomes First Trillion Dollar Brand in New Global Ranking

May 20, 2025
Snapdragon 8 Elite 2

Qualcomm’s Most Powerful Mobile Chip Is Launching In September

April 29, 2025
redmi a5

Xiaomi Launches the Redmi A5 in Kenya With a 5200mAh Battery

April 22, 2025
HyperOS 3

Xiaomi’s OS Could Give You Full Control Over CPU and GPU Settings

April 14, 2025
Xiaomi_Smartphones

Xiaomi Extends Software Updates to 6 Years: Full List of Devices

April 7, 2025

Latest

Communications Authority ranked by ITU as best in Africa ICT regulations

Media Blackout: Communications Authority Orders Halt to Live Protest Coverage

June 25, 2025
social media protests Kenya

#SiriNiNumbers: Gen Z-Led Protests Dominate Kenyan Streets and Social Media

June 25, 2025
How to Secure Your Phone and Yourself During Protests

How to Secure Your Phone (and Yourself) During Protests

June 25, 2025
xiaomi

Xiaomi June 26 Mega Launch: From EVs to Foldables

June 24, 2025
All-Screen-iPhone-2027-Apple

Apple Reportedly Working on an All-Screen iPhone

June 24, 2025
Unified Payment Interface

CBK’s New Fast Payment System Plan Could Rival M-Pesa

June 24, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

Media Blackout: Communications Authority Orders Halt to Live Protest Coverage

June 25, 2025

#SiriNiNumbers: Gen Z-Led Protests Dominate Kenyan Streets and Social Media

June 25, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

More News

Starlink Resumes Sign-Ups in Nairobi After 7-Month Freeze

ASUS ROG Flow Z13 Proves Portability and Power Can Coexist

Infinix InBook Air Review: Perfect Laptop for Students and Simple Workflows

Spotify Lossless HiFi Update Nears Reality After Years of Delay

WhatsApp Is Testing a New AI Tool To Help Users Write Texts

How to Check Your SHIF Status in Kenya: A Complete Guide

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.