Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Vulnerabilities in Xiaomi Phones could have led Hackers to Forge Payments


By MYBRANDBOOK


Vulnerabilities in Xiaomi Phones could have led Hackers to Forge Payments

Check Point Research (CPR) identified vulnerabilities in Xiaomi’s mobile payment mechanism. Left unpatched, an attacker could steal private keys used to sign Wechat Pay control and payment packages. Worst case, an unprivileged Android app could have created and signed a fake payment package.

 

Vulnerabilities were found in Xiaomi's Trusted Environment

Over 1 billion users could have been affected

Xiaomi acknowledged and fixed the security flaws

 

Check Point Research (CPR) identified vulnerabilities in Xiaomi’s mobile payment mechanism. Left unpatched, an attacker could steal private keys used to sign Wechat Pay control and payment packages. In the worst case, an unprivileged Android app could have created and signed a fake payment package.

 

Specifically, the vulnerabilities were found in Xiaomi's Trusted Environment, which is responsible for storing and managing sensitive information such as keys and passwords. The devices studied by CPR were powered by MediaTek chips.

 

Two Attack Paths

CPR discovered two ways to attack the trusted code:

From an unprivileged Android app: The user installs a malicious application and launches it. The app extracts the keys and sends a fake payment packet to steal the money.

 

If the attacker has the target devices in their hands: The attacker rootes the device, then downgrades the trust environment, and then runs the code to create a fake payment package without an application.

 

Responsible Disclosure

CPR responsibly disclosed its findings to Xiaomi. Xiaomi acknowledged and issued fixes.

Quote: Slava Makkaveev, Security Researcher at Check Point:

“We discovered a set of vulnerabilities that could allow forging of payment packages or disabling the payment system directly, from an unprivileged Android application. We were able to hack into WeChat Pay and implemented a fully worked proof of concept. Our study marks the first time Xiaomi's trusted applications are being reviewed for security issues.

 

We immediately disclosed our findings to Xiaomi, who worked swiftly to issue a fix. Our message to the public is to constantly make sure your phones are updated to the latest version provided by the manufacturer. If even mobile payments are not secure, then what is?”
 BREAKING NEWS  BREAKING NEWS
Elon Musk Merges X with xAI in $33 Billion Stock Deal

Elon Musk Merges X with xAI in $33 Billion Stock Deal...

Elon Musk has made waves once again by merging X (formerly Twitter) with...

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu...

The scheme aims to attract an investment of INR 59,350 Cr, resulting in pro...

Govt Drops Import Duty making EV Batteries cheaper

Govt Drops Import Duty making EV Batteries cheaper...

The Centre is taking measures to counter the impact of US President Donald ...

CERT-In’s New Advisory Unveils Hidden Cyber Threats

CERT-In’s New Advisory Unveils Hidden Cyber Threats...

The advisory highlights critical vulnerabilities in AI models, outlines mul...

 TECHNO TRENDS  Placeholder image
Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

The outcome of the legal dispute between X Corp and the Indian government c...

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

The agreement, executed through Wipro and its 100% subsidiary,...

Centre announces that DPDP Rules nearing Finalisation by April

Centre announces that DPDP Rules nearing Finalisation by April

The government seeks to refine the rules for robust data protection, ensuri...

Home Ministry cracks down on PoS agents in digital arrest scam

Home Ministry cracks down on PoS agents in digital arrest scam

Digital arrest scams are a growing cybercrime where victims are coerced or ...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

Hrithik Roshan to endorse RuPay as Brand Ambassador

Hrithik Roshan to endorse RuPay as Brand Ambassador

RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha
India Today Group launches – AI Pop Stars

India Today Group launches – AI Pop Stars

Staying true to our industry leadership position in using cutting-edge tech
 MOVERS & SHAKERS  Placeholder image
Cloudflare Promotes Goran Risticevic as VP & MD for APAC

Cloudflare Promotes Goran Risticevic as VP & MD for APAC

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE
Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s
 OPEN YOUR EYES  Placeholder image

Manufacturing sector will be the next growth engine for Indian Economics
Digital economy is at risk with the growing cyber attacks
How Technology companies are bringing innovative solutions during COVID-19
COVID-19 Crisis Leads To Rising Growth Of Enterprise Collaboration Market
Cyber Security, AI/ML & Public Cloud Top Priorities for CIOs
 INTERVIEWS  Placeholder image
Cisco building a trusted and resilient future for the nation

Cisco building a trusted and resilient future for the nation

Alpha Max offers high end solutions in the network space to en

Alpha Max offers high end solutions in the network space to en

The vision at Alpha Max is to attain quality as the trademark and create a

Delivering Critical Business Communication Solutions to Enterp

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than
 HOT PICK  Placeholder image
ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

MSI Announces the availability of RTX 50 series of laptops in

MSI Announces the availability of RTX 50 series of laptops in

MSI, the innovative computing manufacturer in gaming, creator
Nothing Phone (3a) goes on sale today, starting at Rs 19,999

Nothing Phone (3a) goes on sale today, starting at Rs 19,999

The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t
 MAKE IN INDIA BRANDS   Placeholder image
SAFE SECURITY SERVICES PVT. LTD.

SAFE SECURITY SERVICES PVT. LTD.


DIGISOL SYSTEMS LTD.

DIGISOL SYSTEMS LTD.


ACER INDIA PVT. LTD.

ACER INDIA PVT. LTD.


FRESHWORKS TECHNOLOGIES PVT. LTD.

FRESHWORKS TECHNOLOGIES PVT. LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

AI AND DATA ANALYTICS REVOLUTIONIZING HEALTHCARE SERVICES

...

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

 ICONS OF INDIA  Placeholder image

ICONS OF INDIA : SANTHOSH VISWANATHAN

Santhosh Viswanathan is the the Vice President and Managing Director f...

ICONS OF INDIA : ROSHNI NADAR MALHOTRA

Roshni Nadar Malhotra is the Chairperson of HCLTech, a leading global ...

ICONS OF INDIA : SANJAY NAYAR

Sanjay Nayar is a senior finance professional in the Indian private in...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Investing in Innovation and Maintaining High Service Standards To Fortify its Brand Position

The rise of digital technology and cloud computing is a huge growth driver for...

Gauging Brand Awareness with Data-Driven insights

Arrow PC Network utilizes data-driven insights extensively to gauge brand awar...

Innovation, alliances, client trust and team: Key Drivers of Success

Digital transformation is indeed a critical area. Intensity Global focuses on ...

 PSU  Placeholder image

IFFCO - Indian Farmers Fertiliser Cooperative 

IFFCO operates as a cooperative society owned and controlled by its fa...

CERT-IN - Indian Computer Emergency Response Team

CERT-In is a national nodal agency for responding to computer security...

C-DOT - Center of Development of Telematics  

India’s premier research and development center focused on telecommu...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024:  Amazon.com Inc 

Amazon.com Inc., commonly known as Amazon, is an American multinational techno...

Most Trusted Brands 2024: GOOGLE

Google has a long history of technological innovation across various domains, ...

Most Trusted Brands 2024: Infosys Ltd.

Infosys, leverages emerging technologies and digital capabilities to help clie...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

Indian Tech Talent Excelling The Tech World - Vinod Dham, Founder & Executive Managing Partner, IndoUS Venture Partners

Vinod Dham, known as the “Father of the Pentium Chip,” has left an...

Indian Tech Talent Excelling The Tech World - Anirudh Devgan , President, Cadence Design

Anirudh Devgan, the Global President and CEO of Cadence Design Systems...

 ITFORUM 2025  
 STARNITE AWARDS 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

Starburst and ISpA team up to accelerate India’s space ecosystem

Starburst and ISpA team up to accelerate India’s space ecosystem

Can eSIM protect SIM swap frauds in India?

Can eSIM protect SIM swap frauds in India?

TDC Studios houses first virtually produced Australian feature

TDC Studios houses first virtually produced Australian feature

AVer and Barco Establish Technology Partnership to Enable Unified Collaboration

AVer and Barco Establish Technology Partnership to Enable Unified Collaboration

 UNICORNS REVOLUTIONISING Placeholder image

One MobiKwik Systems Limited

One MobiKwik Systems Limited

Acko General Insurance

Acko General Insurance

Resilient Innovations Private Limited

Resilient Innovations Private Limited

InMobi Private Limited

InMobi Private Limited


Copyright www.mybrandbook.co.in @1999-2025 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
of images belongs to the respective copyright holders
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

EXPLORE THE NEW BRAND BOOK
CONTACT US

SUBSCRIBE NOW