
The security of Xiaomi’s mobile payment system is far from perfect. Check Point Research, a cyber threat intelligence research team, released a report that revealed significant vulnerabilities in Xiaomi’s Mi-Pay.

Xiaomi is one of the leading smartphone manufacturers in China, and its products are increasingly popular globally. The company launched Mi-Pay in 2015 as a contactless payment method for Xiaomi users, which allows cashless transactions such as instant money transfers, linking bank accounts, paying bills, and more.

Check Point Research is a cyber threat intelligence research team that is part of the security firm Check Point Software Technologies. The group has published several reports on vulnerabilities in popular tech products, including Apple’s iOS operating system and the Android mobile platform. 

According to the report, the vulnerabilities could have allowed attackers to access users’ Mi-Pay accounts and perform unauthorised transactions remotely. 

The researchers found that the Xiaomi server was not verifying the source of requests, meaning that anyone could send requests to the server and access account information. The report also showed that Tencent Soter, as used on Xiaomi devices, is compromised. Tencent Soter is the embedded mobile payment network used by Xiaomi to verify payment packages.

Check Point Research also found that trusted apps on Xiaomi devices can be downgraded. “We found that attacker can transfer an old version of a trusted app to the device and use it to overwrite the new app file,” says the report. This means that attackers may bypass any security fixes made by Xiaomi, leaving the devices vulnerable.
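
One way to block the downgrade described above, shown as an added example that is not code from the Check Point report or from Xiaomi: the loader keeps a per-app minimum version and rejects an older image even if its signature still verifies. The header layout, `ta_install`, and the in-memory floor table (standing in for tamper-resistant storage) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical trusted-app header; all names here are illustrative. */
struct ta_header {
    unsigned char app_id[16]; /* fixed-width app identifier */
    uint32_t version;         /* increases with every release */
    int sig_ok;               /* stand-in for a real signature check result */
};

/* Stand-in for version floors held in tamper-resistant storage. */
struct floor_entry { unsigned char app_id[16]; uint32_t min_version; };
#define MAX_APPS 4
static struct floor_entry floors[MAX_APPS];
static int n_floors;

enum ta_result { TA_OK, TA_BAD_SIG, TA_ROLLBACK, TA_NO_SPACE };

/* Accept an image only if it is signed AND not older than the stored floor. */
enum ta_result ta_install(const struct ta_header *h) {
    if (!h->sig_ok)
        return TA_BAD_SIG;
    for (int i = 0; i < n_floors; i++) {
        if (memcmp(floors[i].app_id, h->app_id, sizeof h->app_id) != 0)
            continue;
        if (h->version < floors[i].min_version)
            return TA_ROLLBACK;             /* validly signed, but a downgrade */
        floors[i].min_version = h->version; /* ratchet the floor upward */
        return TA_OK;
    }
    if (n_floors == MAX_APPS)
        return TA_NO_SPACE;
    memcpy(floors[n_floors].app_id, h->app_id, sizeof h->app_id);
    floors[n_floors++].min_version = h->version;
    return TA_OK;
}

int main(void) {
    /* Constructed sample images: same app, version 5 followed by version 3. */
    struct ta_header v5 = {"demo_ta", 5, 1}, v3 = {"demo_ta", 3, 1};
    printf("install v5: %d\n", ta_install(&v5));
    printf("install v3: %d\n", ta_install(&v3));
    return 0;
}
```

The floor only protects against rollback if an attacker who can replace the app file cannot also rewrite the stored minimum version.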

After the report’s release, Xiaomi acknowledged the vulnerabilities presented and addressed the security concerns raised by Check Point Research. 

The Check Point Research report serves as a reminder that even big tech companies are not immune to security threats and that users should always be vigilant about their online safety.
