Earlier this week, Bluebox, a data security company, released a findings report on their tests of the Xiaomi Mi 4 smartphone. Unfortunately for Xiaomi, their results were far from stellar. Not only did the security firm find malicious malware installed on the device, but some of it was even disguised to appear as Google apps. Even worse, they believe an unknown third party tampered with the Android-powered smartphone. Read on for more details about what they found, as well as Xiaomi's official response to the report.
Among the malicious installations the security researchers found were trojans that allowed hackers access to the device, as well as adware that was disguised to look like a verified Google application. While Bluebox said they checked the device with Xiaomi’s “Mi Identification” app to make sure it was the real product, in short they found it "vulnerable to every vulnerability we scanned for." Worst of all, they said signatures in several of the phone's app didn't match with the signing key Xiaomi normally used, leading them to believe there may have been third-party tampering.
Bluebox lead security analyst Andrew Blaich wrote that the version of Android running on the Mi 4 was non-certified, appearing to be a combination of KitKat 4.4.4 and an older version of the OS. Many of the security holes and bugs they discovered were said to be directly related to older versions of Android. Blaich added that it wasn't clear to them if the device they received was a final consumer product, or a model meant for testing.
Click on the link below to read more.