Xiaomi rejects eScan report that alleged security flaws in MIUI system apps | HT Tech

Xiaomi rejects eScan report that alleged security flaws in MIUI system apps

Xiaomi says the security vulnerability pointed out by eScan is “theoretical.” So, are the Xiaomi smartphones safe enough? Here’s what the two sides have to say.

By: HT CORRESPONDENT
| Updated on: Aug 11 2017, 14:21 IST
The eScan study says in order to use a smartphone to its fullest potential, one needs to think/analysis the technical specs before opting for it.
The eScan study says in order to use a smartphone to its fullest potential, one needs to think/analysis the technical specs before opting for it. (Xiaomi)

Smartphone company Xiaomi has rejected security concerns raised by the internet security company, eScan. In a detailed report released on Thursday, eScan claimed to have found multiple flaws in Xiaomi's MIUI system applications that could lead to "unintentional vulnerabilities into end-user as well as security apps". Xiaomi, however, responded to the report immediately, stating the company has taken all possible measures to ensure its devices and services adhere to its privacy policy.

In its report, eScan had alleged that Xiaomi's MI-Mover app, which helps you move your apps and data from an old device to a Mi Phone, "overrides the application sandbox of the Android OS."

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

"Any device-administrator app can be uninstalled without revoking its device-admin rights. Unlike other smartphones, Xiaomi with MI-Mover can be cloned in few minutes without needing to root the device. MIUI devices rather than deleting, hides the Work-Profile Admin app," said the report, while adding it's not "easy to delete the Work-Profile," the report claimed.

Also read
Looking for a smartphone? To check mobile finder click here.

It added that the inability to differentiate workspace profile from personal profile poses a "serious challenge from the security point of view in Enterprise Mobility Management." You can read eScan's full report here.

Responding to the eScan report, Xiaomi said, "We strongly disagree with the allegations made by Escan in their report. As a global Internet company, Xiaomi takes all possible steps to ensure our devices and services adhere to our privacy policy."

"Any perpetrator who gains physical access to an unlocked phone, is capable of malicious activity and an unlocked phone is greatly at risk of user data being stolen. This is why, we at Xiaomi encourage our users to be more aware of guarding their private data using PIN, Pattern locks, or the onboard fingerprint sensor available on most of our smartphones. In fact, prompting users to enable fingerprint lock is a standard step when setting up a Xiaomi smartphone for first use," the report continued.

"Mi Mover is designed to be a convenient tool for our users to move their data from an old smartphone to a new phone. In order for Mi Mover to initiate this process, a password is required. More importantly, in order to use Mi Mover, the smartphone has to be unlocked. Thus, there are two layers of protection for the user - phone lock and a Mi Mover password that are necessary," it added.

"Further, as per the Escan report, "As part of exploiting the issue you describe, someone needs to take control of a user's mobile phone and get that phone in an unlocked state. This is a very high barrier to entry and seems unlikely to happen commonly, making this more of a theoretical attack. The protection, in this case, is to not allow someone to steal and unlock your phone," Xiaomi's report concluded.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 11 Aug, 14:21 IST
NEXT ARTICLE BEGINS