Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!
By MYBRANDBOOK
Are you using a Xiaomi's Mi or Redmi smartphone ??
Be alert !!!
Immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. Because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told on a report.
The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar. According to the advisory, affected browsers are not properly handling the "q" query parameter in the URLs, thus fail to display the portion of an https URL before the ?q= substring in the address bar. Since the address bar of a web browser is the most reliable and essential security indicator, the flaw can be used to easily trick Xiaomi users into thinking they are visiting a trusted website when actually being served with a phishing or malicious content, as shown in the video demonstration below.
The phishing attacks today are more sophisticated and increasingly more difficult to spot, and this URL spoofing vulnerability takes it to another level, allowing one to bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a site is fake.
< p align="justify">Here’s how attackers can spoof URLs on Mint or MI Browser:
Just add "?q=" parameter after any URL following the targeted domain,
Example → https://t.co/WyxUCwg8OO
Xiaomi browsers will display "https://t.co/oMypZM6lQW" in the URL while loading the content from phishing site. pic.twitter.com/Ex6u4cxNRY
The researcher also confirmed on a report that the issue only affects the international variants of both the web browsers, though the domestic versions, distributed with Xiaomi smartphones in China, do not contain this vulnerability.
Another interesting though weird thing is that upon reporting the issue, Xiaomi rewarded the researcher with a bug bounty, but left the vulnerability unpatched.
"The vulnerability impacts millions of users globally yet the bounty offered as such was, $99 (for Mi Browser) and another $99 (for Mint Browser)," the researcher said.
"I would like to inform you that as of there is no official update regarding the issue. However, would request you to stay connected with the forum page for further details in this regards," the company said.
This is the second recently-disclosed severe issue that researchers have identified in pre-installed apps on more than 150 million Android devices manufactured by Xiaomi.
Android users are highly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox.
Besides this, if you are using Microsoft Edge or Internet Explorer browser on your desktop, you should also avoid using them since both browsers also contain a critical vulnerability which has not yet been patched by the tech giant.
BREAKING NEWS
TECHNO TRENDS
Legal Battle Over IT Act Intensifies Amid Musk’s India Plans
The outcome of the legal dispute between X Corp and the Indian government c...
Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth
The agreement, executed through Wipro and its 100% subsidiary,...
Centre announces that DPDP Rules nearing Finalisation by April
The government seeks to refine the rules for robust data protection, ensuri...
Home Ministry cracks down on PoS agents in digital arrest scam
Digital arrest scams are a growing cybercrime where victims are coerced or ...
E-Magazine
TECHNOTAINMENT
Hrithik Roshan to endorse RuPay as Brand Ambassador
RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha
India Today Group launches – AI Pop Stars
Staying true to our industry leadership position in using cutting-edge tech
MOVERS & SHAKERS
TelioLabs ropes in Phaniraj V A as the Group CEO
TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE
Wipro Appoints Amit Kumar as Managing Partner and Global Head
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s
OPEN YOUR EYES
INTERVIEWS
AMD Pensando driving innovation in the DPU architecture space
AMD Pensando stands out in the DPU (Data Processing Unit) market with its u
Cisco building a trusted and resilient future for the nation
Security is foundational to everything Cisco does and customers insist on e
HOT PICK
MSI Announces the availability of RTX 50 series of laptops in
MSI, the innovative computing manufacturer in gaming, creator
Nothing Phone (3a) goes on sale today, starting at Rs 19,999
The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t
MAKE IN INDIA BRANDS
VERSA NETWORKS INDIA PVT. LTD.
DIGISOL SYSTEMS LTD.
VEHERE INTERACTIVE PVT. LTD.
ZOHO CORPORATION PVT. LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Icons Of India : NIKHIL RATHI
Co-founder & CEO of Web Werks, a global leader in Data Centers and Clo...
Icons Of India : Anil Kumar Lahoti
Anil Kumar Lahoti, Chairman, Telecom Regulatory Authority of India (TR...
Icons Of India : NATARAJAN CHANDRASEKARAN
Natarajan Chandrasekaran (Chandra) is the Chairman of Tata Sons, the h...
PARTNER SPEAKERS
PSU
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
RailTel Corporation of India Limited
RailTel is a leading telecommunications infrastructure provider in Ind...
C-DAC - Centre for Development of Advanced Computing
C-DAC is uniquely positioned in the field of advanced computing...
VIDEOS
Top 25 Brands
Global Indian industry
Indian Tech Talent Excelling The Tech World - Satya Nadella, Chairman & CEO- Microsoft
Satya Nadella, the Chairman and CEO of Microsoft, recently emphasized ...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...
Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi
Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporation...
ITFORUM 2025
CMO of the Year
WOMEN LEADERSHIP
IMAGE GALLERY
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
of images belongs to the respective copyright holders
