Bluebox, a software security company that tests mobile devices for security flaws and malware, got its hands on a Xiaomi Mi 4 for testing. The results were not good. Bluebox claims that malicious software was pre-installed on the device, with some of it even mimicking Google applications. Xiaomi has since replied to the accusation, but the episode still raises questions about the security of the phone and the integrity of the brand itself.


Bluebox found all manner of trojans and malware installed on the phone, some of which allowed attackers to access the device. There was also adware that mimicked the look of a verified Google application. Bluebox declared that it found the device "vulnerable to every vulnerability we scanned for." A good question to ask next is whether the phone was genuine in the first place.

Bluebox said that it bought the phone from a retailer in China, and that it could not tell whether the phone had been tampered with by a third party before sale, or whether it was some sort of test model, since the operating system was a mixture of Android 4.4.4 KitKat with elements carried over from older OS versions.

Xiaomi’s VP for International Hugo Barra has since replied to the accusation. He points out that the device Bluebox tested was “not using a standard MIUI ROM, as our factory ROM and OTA ROM builds are never rooted and we don’t pre-install services such as YT Service, PhoneGuardService, AppStats etc.” Barra says that Bluebox may have received a tampered device. He added that Xiaomi recommends that people buy its phones through its official online store and selected carriers, and not from third-party resellers. The full text of Xiaomi’s official reply can be found at the source link (see below).
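A practical check for the situation Barra describes, added here as an example and not code from Bluebox or Xiaomi: a small POSIX shell script that triages the output of three adb commands (`adb shell getprop`, `adb shell pm list packages`, `adb shell ls -l /system/xbin`) for signs of a non-release build, a rooted system, and pre-installed services with names like the ones Barra lists. The inputs below are constructed samples so the script runs offline; the package-name patterns are an assumption, because the article names services, not package identifiers.

```shell
#!/bin/sh
# Added example: triage adb output for a non-factory, rooted or bloat-laden ROM.
# On a real device, capture the three outputs first, e.g.
#   adb shell getprop > props.txt; adb shell pm list packages > pkgs.txt
#   adb shell ls -l /system/xbin > xbin.txt
# and pass their contents to triage. The samples below are CONSTRUCTED.

# CONSTRUCTED getprop output from a suspicious build.
SAMPLE_PROPS='[ro.build.tags]: [test-keys]
[ro.secure]: [0]
[ro.debuggable]: [1]
[ro.build.version.release]: [4.4.4]
[ro.product.model]: [MI 4]'

# CONSTRUCTED package list; the last three are ASSUMED package names for the
# "YT Service", "PhoneGuardService" and "AppStats" services named in the reply.
SAMPLE_PKGS='package:com.android.settings
package:com.miui.home
package:com.phoneguard.service
package:com.yt.service
package:com.appstats'

# CONSTRUCTED /system/xbin listing from a rooted device (setuid su present).
SAMPLE_XBIN='-rwsr-sr-x root root 67616 2014-08-01 12:00 su
-rwxr-xr-x root root  1234 2014-08-01 12:00 dexdump'

# CONSTRUCTED samples of what a clean production build looks like.
CLEAN_PROPS='[ro.build.tags]: [release-keys]
[ro.secure]: [1]
[ro.debuggable]: [0]'
CLEAN_PKGS='package:com.android.settings
package:com.miui.home'
CLEAN_XBIN='-rwxr-xr-x root root  1234 2014-08-01 12:00 dexdump'

# Print the value of one property from getprop output (empty if absent).
prop_value() {
  # $1 = getprop output, $2 = property name
  printf '%s\n' "$1" | sed -n "s/^\[$2]: \[\(.*\)]$/\1/p"
}

# Count packages whose name matches an ASSUMED suspicious pattern.
count_suspicious_pkgs() {
  printf '%s\n' "$1" | grep -c -i -E 'phoneguard|yt\.service|appstats' || true
}

# True when an xbin listing contains a file named exactly "su".
has_su() {
  printf '%s\n' "$1" | grep -q -E '(^|[[:space:]])su$'
}

# Report findings for one device; exit status 0 only when nothing was flagged.
triage() {
  props="$1"; pkgs="$2"; xbin="$3"
  findings=0
  tags=$(prop_value "$props" "ro.build.tags")
  if [ "$tags" != "release-keys" ]; then
    echo "build tags '$tags': production builds are signed with release-keys"
    findings=$((findings + 1))
  fi
  if [ "$(prop_value "$props" "ro.secure")" = "0" ]; then
    echo "ro.secure=0: adbd runs as root, not a production setting"
    findings=$((findings + 1))
  fi
  if [ "$(prop_value "$props" "ro.debuggable")" = "1" ]; then
    echo "ro.debuggable=1: debuggable (userdebug/eng) build"
    findings=$((findings + 1))
  fi
  if has_su "$xbin"; then
    echo "su binary present in /system/xbin: device is rooted"
    findings=$((findings + 1))
  fi
  n=$(count_suspicious_pkgs "$pkgs")
  if [ "$n" -gt 0 ]; then
    echo "$n pre-installed package(s) match suspicious service names"
    findings=$((findings + 1))
  fi
  echo "findings: $findings"
  [ "$findings" -eq 0 ]
}

# Stand-alone run: the tampered sample is flagged, the clean sample passes.
triage "$SAMPLE_PROPS" "$SAMPLE_PKGS" "$SAMPLE_XBIN" || echo "verdict: tampered"
triage "$CLEAN_PROPS" "$CLEAN_PKGS" "$CLEAN_XBIN" && echo "verdict: clean"
```

None of these checks proves a phone is genuine; a clean result only means the ROM is not obviously non-production. A reseller who reflashes a real device with a stock image leaves none of these traces, which is why Blaich's point about the shipping chain stands.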


That said, Bluebox lead security analyst Andrew Blaich says that he is not convinced by the answer: there are still points in the shipping process, from the factory in China to international buyers, at which a device can be tampered with. This raises a lot of questions about buying phones in China at street level, where there is a very lively market for cheaply priced devices. Sadly, this is also not the first time Xiaomi has been accused of shipping devices with security flaws.

VIA: SlashGear

3 COMMENTS

  1. Seeing that the device was counterfeit and it had a cloned IMEI. The only fault I see in Xiaomi is that their identification tool sucks and it didn’t figure out that it’s a fake phone with a non-original ROM.

    • Exactly. My Xiaomi Redmi Note 2 was bought from a trusted seller, AliExpress, and came installed with a fake ROM and a malware app, a Trojan that has full access to the device! Checking it with the anti_fake.apk shows that it’s a genuine device and everything is OK. It doesn’t recognize fake and modified ROMs. It even has a fake antivirus that says everything is clean. Always use trusted anti-virus products. Anyway, Xiaomi lost my trust, no matter whose fault the malware is. I intended to buy a router too, but after my bad experience with their phones, how could I trust a router?

      • The sale chain is not under Xiaomi’s control; almost all Mi devices that I bought here in Romania came with bloat or other crap on them. Hence all of them have to be reflashed…. I don’t blame Xiaomi other than for the fact that they don’t sell officially here. It’s the damned resellers who do dishonest shit…
