Xiaomi's pre-installed security app Guard Provider exposes users to MitM attacks

• The vulnerability is due to insecure network traffic to and from Guard Provider and the use of multiple SDKs.
• Increased use of multiple SDKs within the same app could cause problems such as crashes, viruses, malware, privacy breaches, battery drain, slowdown, and more.

What is the issue - A vulnerability in Xiaomi’s pre-installed security app ‘Guard Provider’ could expose users to Man-in-the-Middle (MitM) attacks.

The big picture

Researchers from Check Point detected a vulnerability in Xiaomi’s pre-installed security app named Guard Provider that exposes users to MitM attacks.

• The vulnerability is due to insecure network traffic to and from ‘Guard Provider’ and the use of multiple SDKs.
• As a result, attackers connected to the same WiFi as users, can perform Man-in-the-Middle (MitM) attacks.
• Due to the use of multiple SDKs, attackers could also inject malware.

Software Development Kit (SDK) is a set of programming tools that help developers create apps for a specific platform. However, increased use of multiple SDKs within the same app makes could cause problems such as crashes, viruses, malware, privacy breaches, battery drain, slowdown, and more.

“According to a recent report though, the use of multiple SDKs in a single app is far more common than one might think. On average a single app now has over 18 SDKs implemented within the same app. But by doing so, developers leave organizations and users exposed to potential pitfalls that can be exploited by threat actors to interfere with the regular operation of the device,” the Check Point researchers wrote.

What actions were taken - Check Point researchers notified Xiaomi about the security issue, and Xiaomi quickly released a patch to fix the vulnerability.