Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Vulnerabilities in Xiaomi Phones could have led Hackers to Forge Payments


By MYBRANDBOOK


Vulnerabilities in Xiaomi Phones could have led Hackers to Forge Payments

Check Point Research (CPR) identified vulnerabilities in Xiaomi’s mobile payment mechanism. Left unpatched, an attacker could steal private keys used to sign Wechat Pay control and payment packages. Worst case, an unprivileged Android app could have created and signed a fake payment package.

 

Vulnerabilities were found in Xiaomi's Trusted Environment

Over 1 billion users could have been affected

Xiaomi acknowledged and fixed the security flaws

 

Check Point Research (CPR) identified vulnerabilities in Xiaomi’s mobile payment mechanism. Left unpatched, an attacker could steal private keys used to sign Wechat Pay control and payment packages. In the worst case, an unprivileged Android app could have created and signed a fake payment package.

 

Specifically, the vulnerabilities were found in Xiaomi's Trusted Environment, which is responsible for storing and managing sensitive information such as keys and passwords. The devices studied by CPR were powered by MediaTek chips.

 

Two Attack Paths

CPR discovered two ways to attack the trusted code:

From an unprivileged Android app: The user installs a malicious application and launches it. The app extracts the keys and sends a fake payment packet to steal the money.

 

If the attacker has the target devices in their hands: The attacker rootes the device, then downgrades the trust environment, and then runs the code to create a fake payment package without an application.

 

Responsible Disclosure

CPR responsibly disclosed its findings to Xiaomi. Xiaomi acknowledged and issued fixes.

Quote: Slava Makkaveev, Security Researcher at Check Point:

“We discovered a set of vulnerabilities that could allow forging of payment packages or disabling the payment system directly, from an unprivileged Android application. We were able to hack into WeChat Pay and implemented a fully worked proof of concept. Our study marks the first time Xiaomi's trusted applications are being reviewed for security issues.

 

We immediately disclosed our findings to Xiaomi, who worked swiftly to issue a fix. Our message to the public is to constantly make sure your phones are updated to the latest version provided by the manufacturer. If even mobile payments are not secure, then what is?”
 BREAKING NEWS  BREAKING NEWS
Cisco announces AI-native secure Wi-Fi 7 for future-ready employe

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

 TECHNO TRENDS  Placeholder image
Nazara and ONDC set to transform in-game monetization with ‘

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Eloelo teams up with Elvish Yadav for India's biggest digital

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
 MOVERS & SHAKERS  Placeholder image
Kamal Nath quits SIFY Technologies

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this
 OPEN YOUR EYES  Placeholder image

On the technology aspect Remote Work, is now the buzz word in the Industry
The disruption in the technology demands to ensure business continuity
Tools and technologies are being used for Remote Work and Collaboration Teams
The rise in internet usage has opened the doors to conduct cyber-attacks
No road block for the cyber espionage cases
 INTERVIEWS  Placeholder image
AMD Pensando driving innovation in the DPU architecture space

AMD Pensando driving innovation in the DPU architecture space

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

Acer addresses evolving customer needs by consistently pushing

Acer addresses evolving customer needs by consistently pushing

Acer offers a comprehensive range of products under one roof, including des
 HOT PICK  Placeholder image
BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
 MAKE IN INDIA BRANDS   Placeholder image
DIGISOL SYSTEMS LTD.

DIGISOL SYSTEMS LTD.


ALPHAMAX TECHNOLOGIES PVT. LTD.

ALPHAMAX TECHNOLOGIES PVT. LTD.


DATA SAFEGUARD INDIA PRIVATE LIMITED

DATA SAFEGUARD INDIA PRIVATE LIMITED


BEETEL TELETECH LTD.

BEETEL TELETECH LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

STRATEGIC FRAMEWORK FOR SUSTAINABLE BUSINESS EXPANSION IS PATHWAY TO PROSPERITY

Accelerate the adoption of AI and machine learning...

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

 ICONS OF INDIA  Placeholder image

ICONS OF INDIA : SANTHOSH VISWANATHAN

Santhosh Viswanathan is the the Vice President and Managing Director f...

ICONS OF INDIA : RAJIV MEMANI

As Chair of the EY Global Emerging Markets Committee, Rajiv connects e...

ICONS OF INDIA : SUNIL VACHANI

Sunil Vachani is the Chairman of Dixon Technologies (India) Ltd. Under...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

A "Make in India" brand dedicated to offer high quality communication products

For any brand to be successful, it is crucial that it understands the market d...

Innovation and Adaptability help to stay relevant

Utilizing data analytics tools, companies can track various metrics such as we...

Fostering Positive Relationships and Enhancing Customer Satisfaction

Bloom Electronics’ data-driven insights for strategic brand decision and bra...

 PSU  Placeholder image

ITI - ITI Limited 

ITI Limited is a leading provider of telecommunications equipment, sol...

UIDAI - Unique Identification Authority of India

UIDAI and the Aadhaar system represent a significant milestone in Indi...

BSE - Bombay Stock Exchange  

The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

HEWLETT PACKARD ENTERPRISE COMPANY (HPE)

HPE is an edge-to-cloud company with offerings spanning Cloud Services, Comput...

Most Trusted Brands 2024: Nvidia Corporation

NVIDIA, founded in 1993, has evolved significantly over the years. Initially k...

Most Trusted Brands 2024: WIPRO LTD.

Wipro Ltd. is a leading information technology, consulting, and business proce...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable

Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...

Indian Tech Talent Excelling The Tech World - JAYASHREE ULLAL, President and CEO - Arista Network

Jayshree V. Ullal is a British-American billionaire businesswoman, ser...

Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks

Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...

 STARNITE AWARDS 2024  
 ITFORUM 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

BEL & IAI sign MoU to address requirements in Short Range Air Defence Systems’ domain

BEL & IAI sign MoU to address requirements in Short Range Air Defence Systems’ domain

IUDX Becomes First Software Platform to Fully Adopt BIS Standards for Unified Data Exchange

IUDX Becomes First Software Platform to Fully Adopt BIS Standards for Unified Data Exchange

New tricks to deliver phishing attacks

New tricks to deliver phishing attacks

ISG recognizes HARMAN DTS as a leader in Provider Lens™ for IoT Services and Solutions

ISG recognizes HARMAN DTS as a leader in Provider Lens™ for IoT Services and Solutions

 UNICORNS REVOLUTIONISING Placeholder image

BoAt Lifestyle

BoAt Lifestyle

KRUTRIM 

KRUTRIM 

Amagi Media Labs Private Limited

Amagi Media Labs Private Limited

Girnar Software Private Limited

Girnar Software Private Limited


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW