Tech News

Xiaomi Phones Vulnerable to Forged Payments – Are MediaTech Chips To Blame

By Abdul Wahab
Xiaomi Phones Vulnerable to Forged Payments

Major security flaws were discovered in two Xiaomi phones, including the Xiaomi Redmi Note 9T and the Redmi Note 11 models. According to Check Point, flaws were found in the devices that were powered by MediaTek chipsets when they were conducting a security analysis of a Chinese handset maker’s Kinibi Trusted Execution Environment or TEE.

TEE is secure enclaves inside the main processor used to process and store sensitive information, including cryptographic keys. They help main confidentiality and integrity. 

The Israeli cyber security firm discovered that a trusted app could be downgraded on a Xiaomi device if there was a lack of control. Therefore, it enabled the attacker to replace the newer and more secure app with one that was old and vulnerable. 

Due to this, Researcher Slava Makkaveev from Check Point believes that the attacker can bypass security fixes Xiaomi or MediaTek make in trusted apps and downgrade them to their older unpatched versions.

Furthermore, the researchers have also found a vulnerability in thhadmin, a trusted app responsible for security management. Attackers could abuse and leak stored keys or execute arbitrary code and pin it on the app. 

The weakness aims at trusted apps developed by Xiaomi and implement cryptographic operations related to service, Tencent Soter, which is a biometric standard. It functions as an embedded mobile payment framework and authorizes transactions made on third-party apps that use WeChat and AliPay.

However, a heap overflow vulnerability on the soter trusted app could be exploited to induce a denial of service by an Android app that may not have permission to communicate with TEE directly. 

Furthermore, chaining the previously mentioned downgrade attack in an attempt to replace the soter trusted app with an old and vulnerable version could make extracting private keys used to sign payment packages possible, according to Check Point

Read Also

Related posts:

Xiaomi 13 Pro Finally Gets a Launch - Impressive Cameras, Better Charging, and a Brand New Chip
The Effects of Storage Capacity on Oil Trading
LG Turns Its OLED TV into a Huge Gaming Monitor called LG UltraGear 48GQ900
Vehicles Could Be Disrupted Remotely If GPS Tracker Remains Unpatched

By Abdul Wahab

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.

Related Post

Tech News

New X-Men Skins May Be in Store for Fortnite

Abdul Wahab
Tech News

Hogwarts Legacy Sidequest May Hint at a Possible Sequel

Bethany Wilson
Tech News

Infection Free Zone is Gaining Traction

Bethany Wilson

You Missed

Reviews

Host4Geeks Review

Latest Articles

5 Best eGPUs – Add Graphics Power to Your Laptop

Reviews

AzireVPN Review

How-tos & Tutorials

How to Uninstall NordVPN on Windows

Show Buttons
Hide Buttons