Xiaomi: after the antivirus, its web browsers are also vulnerable
By Linky Johnson 2019-06-05 339 0
It's a hard blow for Xiaomi, who's the target of security researchers right now. After the manufacturer's application related to security, it is the turn of his web browsers to be pointed at. These present a security flaw that allows a malicious site to pretend to be something it is not.
Discovered by researcher Arif Khan, this CVE-2019-10875 flaw allows to deceive a user by modifying the URL displayed in the address bar of Mi Browser browsers - integrated natively on all smartphones of the brand - and Mint Browser. To do this, simply add a variable ?q= in the URL, followed by an existing address. For example, the URL http://www.frandroid.com/?q=www.facebook.com displays the FrAndroid home page, but under the URL of the famous social network.
We can therefore imagine a hacker sending a link to a user by doing what he is not and asking his victim to click on a link similar to that of his bank or access provider, for example to retrieve private information.
This vulnerability affects all available Xiaomi smart phones, including the latest ones such as the Xiaomi Mi 9 or the Redmi Note 7. Although warned of the problem, Xiaomi confirmed to The Hacker News that the flaw had still not been patched, which we quickly noticed (see screenshot above).
One point also raises conspiracy concerns: this loophole would only affect smart phones marketed internationally and not those offered in China. Some people therefore see it as a problem that was deliberately left behind, some people think that Xiaomi paid the security researcher for his discovery (as is customary when a security breach is discovered), but do not seem to act to correct it.
Knowing that this vulnerability is linked to an application and not directly to the system, it is sufficient to use another web browser such as Google Chrome or Firefox for example to protect yourself.
Extensive Product Selection● Over 300,000 products ● 20 different categories ● 15 local warehosues ● Multiple top brands | Convenient Payment● Global payment options: Visa, MasterCard, American Express ● PayPal, Western Union and bank transfer are accepted ● Boleto Bancario via Ebanx (for Brazil) | ||
Prompt Shipping● Unregistered air mail ● Registered air mail ● Priority line ● Expedited shipping | Dedicated After-sales Service● 45 day money back guarantee ● 365 day free repair warranty ● 7 day Dead on Arrival guarantee (DOA) |
HOT
-
Redmi AirDots vs. Xiaomi Mi AirDots: same true wireless earbuds at half the price?
2019-03-20By GB Blog Official
-
Xiaomi Mi band 4 international version VS Chinese version: What the difference between them?
2019-07-03By Joe Horner
-
Honor MagicWatch 2 VS Huawei Watch GT2: Full Specifications & Features Comparison
2019-11-27By Joe Horner
-
iPhone XS Max, iPhone XS and iPhone XR: how to choose the best new iPhone
2018-09-14By GB Blog Official
-
i10 TWS vs Apple AirPods: is the perfect AirPods replica finally here?
2019-01-10By GB Blog Official
-
Haylou GT1 Plus VS Haylou GT1 VS Haylou GT1 Pro VS Haylou GT2: Winner is?
2019-11-21By Joe Horner
Related Products
Prev article:OnePlus 3 and 3T: they will have well Android 9.0 Pie the beta is launched
Next article:Pocophone F1: the update bringing Netflix in HD and 4K at 60 fps is being deployed