What is the issue - A vulnerability in Xiaomi’s pre-installed security app ‘Guard Provider’ could expose users to Man-in-the-Middle (MitM) attacks.
The big picture
Researchers from Check Point detected a vulnerability in Xiaomi’s pre-installed security app named Guard Provider that exposes users to MitM attacks.
Software Development Kit (SDK) is a set of programming tools that help developers create apps for a specific platform. However, increased use of multiple SDKs within the same app makes could cause problems such as crashes, viruses, malware, privacy breaches, battery drain, slowdown, and more.
“According to a recent report though, the use of multiple SDKs in a single app is far more common than one might think. On average a single app now has over 18 SDKs implemented within the same app. But by doing so, developers leave organizations and users exposed to potential pitfalls that can be exploited by threat actors to interfere with the regular operation of the device,” the Check Point researchers wrote.
What actions were taken - Check Point researchers notified Xiaomi about the security issue, and Xiaomi quickly released a patch to fix the vulnerability.