Even though Xiaomi’s security app is meant to protect its devices and user data, researchers at security firm Check Point disclosed earlier today that the app did the opposite.
Called Guard Provider, the app uses anti-virus scanners from Avast, AVL, and Tencent to detect potential malware. With Android malware finding different ways to get onto your device, it’s not surprising to learn that Xiaomi pre-installs Guard Provider on all of its phones.
However, Check Point researchers found a glaring security flaw with the app — its update mechanism.
According to Check Point researcher Slava Makkaveev, Guard Provider receives updates through an unsecured HTTP connection. That means that bad actors could abuse the Avast Update APK and insert malware through a man-in-the-middle (MITM) attack, so long as they were on the same Wi-Fi network as their potential victims.
An example of a MITM attack is active eavesdropping, in which an attacker sets up an independent connection with a victim. The victim believes they are exchanging messages with a legitimate third party, when in reality the attacker intercepts their messages and injects new ones.
In addition to malware, Makkaveev said that attackers can also use MITM attacks to inject ransomware or tracking apps. Attackers can even learn the file name of the update in order to make their software look as innocuous as possible.
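The update path described above fails because neither the transport nor the downloaded file is authenticated. As an added example (not code from Xiaomi, Avast or Check Point), this Python check refuses cleartext or off-host update URLs and compares the payload's SHA-256 with the value in an update manifest. The host name, file name and manifest format are assumptions, and the manifest is assumed to arrive over an authenticated channel.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical pinned update host; not a real vendor endpoint.
ALLOWED_HOSTS = {"updates.example.com"}


class UpdateRejected(Exception):
    """Raised when an update fails a transport or integrity check."""


def check_update_url(url: str) -> None:
    """Reject any update location that is not HTTPS on a pinned host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UpdateRejected(f"cleartext or unknown scheme: {parts.scheme!r}")
    if parts.hostname not in ALLOWED_HOSTS:
        raise UpdateRejected(f"unexpected host: {parts.hostname!r}")


def verify_update(manifest: dict, payload: bytes) -> bytes:
    """Return payload only if its URL and SHA-256 digest match the manifest."""
    check_update_url(manifest["url"])
    actual = hashlib.sha256(payload).hexdigest()
    # The file name proves nothing; only the content digest is compared.
    if not hmac.compare_digest(actual, manifest["sha256"].lower()):
        raise UpdateRejected("digest mismatch: payload was altered in transit")
    return payload


def try_update(manifest: dict, payload: bytes) -> str:
    """Report the outcome of verify_update as a short string."""
    try:
        verify_update(manifest, payload)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected ({exc})"


# Constructed sample data: a genuine update body and a tampered one.
GENUINE = b"constructed-genuine-update-bytes"
TAMPERED = b"constructed-tampered-update-bytes"
GOOD_MANIFEST = {"url": "https://updates.example.com/av_update.apk",
                 "sha256": hashlib.sha256(GENUINE).hexdigest()}
HTTP_MANIFEST = dict(GOOD_MANIFEST, url="http://updates.example.com/av_update.apk")
```

A tampered payload that reuses the expected file name is still rejected, because the comparison is on content, not on the name.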