The purpose of security apps is to protect devices and user data. However, Xiaomi’s pre-installed security app did just the opposite and made its smartphones more vulnerable to attacks.
The app in question is Xiaomi’s security app, Guard Provider, which uses anti-virus scanners from popular developers like Avast, AVL, and Tencent to scan for the presence of malware.
According to Slava Makkaveev, a security researcher from Check Point, the Guard Provider app receives updates through an unsecured HTTP connection — leaving the device open to all kinds of abuse.
Any bad actor can abuse the Avast Update APK and inject malware through a man-in-the-middle (MiTM) attack, as long as the attacker and the victim are on the same Wi-Fi network.
A classic example of a MiTM attack is active eavesdropping, where an attacker establishes an independent connection with the victim’s device.
On the surface, victims believe they are communicating with a reliable third party, but the attacker is actually intercepting those messages and even inserting new ones.
Eavesdropping is just one of the threats. Makkaveev says that MiTM can also be used to inject ransomware or trackers.
The Guard Provider app comes pre-installed on Xiaomi phones, which means there are millions of devices out there that have this security flaw. But the good news is that Xiaomi quickly released a security patch to fix the issue by working with Avast.
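The risk described above comes from update bytes that can be altered in transit. The following added example (not Xiaomi's, Avast's or Check Point's code) contrasts a client that accepts whatever arrives with one that checks transport, source and a pinned SHA-256 digest; the manifest, URLs and payload bytes are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: stand-ins for an update file and a copy altered in transit.
GENUINE_APK = b"PK\x03\x04 constructed genuine update payload"
TAMPERED_APK = b"PK\x03\x04 constructed payload altered in transit"

# Hypothetical manifest, assumed to reach the device over an authenticated channel.
MANIFEST = {
    "url": "https://updates.example.invalid/update.apk",
    "sha256": hashlib.sha256(GENUINE_APK).hexdigest(),
}


def naive_accept(url, payload):
    """Weak pattern: accept any non-empty download, whatever the transport."""
    return len(payload) > 0


def verify_update(url, payload, manifest):
    """Return (accepted, reason) for a downloaded update file."""
    # Plain HTTP gives no server authentication and no integrity in transit.
    if urlsplit(url).scheme.lower() != "https":
        return (False, "insecure-transport")
    # Only the location named in the manifest is an expected source.
    if url != manifest["url"]:
        return (False, "unexpected-source")
    # Constant-time comparison of the computed digest with the pinned one.
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return (False, "digest-mismatch")
    return (True, "ok")


def demo():
    http_url = "http://updates.example.invalid/update.apk"
    return {
        "naive_tampered_over_http": naive_accept(http_url, TAMPERED_APK),
        "http_genuine": verify_update(http_url, GENUINE_APK, MANIFEST),
        "https_tampered": verify_update(MANIFEST["url"], TAMPERED_APK, MANIFEST),
        "https_genuine": verify_update(MANIFEST["url"], GENUINE_APK, MANIFEST),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The digest check only helps if the manifest itself cannot be modified by someone on the same network, which is why the example assumes it arrives over an authenticated channel.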