Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 smartphones that could be exploited to disable the mobile payment mechanism and even forge transactions via a legitimate Android application installed on the phones.

Unlike the bogus applications we looked at last time, this is a hardware and software vulnerability that allows the protections around online payments to be bypassed.

These phones contain MediaTek chips; the details follow shortly. If you are not familiar with the name: MediaTek is a Taiwanese semiconductor company that, among other things, produces chips (processors) for smartphones.

Xiaomi with MediaTek chips: what exactly happened

Check Point, an Israeli cybersecurity firm, said it found the flaws in devices running MediaTek chipsets during a security analysis of the “Kinibi” Trusted Execution Environment (TEE), a product of the Chinese smartphone manufacturer.

In short: a TEE is a sort of “safe area” of the processor in which sensitive information is kept encrypted, as if in a vault, similar to the TPM (Trusted Platform Module) on personal computers, but on phones.

Specifically, the Israeli cybersecurity firm found that a trusted application on a Xiaomi device can be downgraded because the chipset performs no version control when loading it, allowing an attacker to replace a newer, patched version of the application with an older, more vulnerable one.
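To make the missing control concrete, here is an added, simplified model of a trusted-application loader; it is not Xiaomi's, MediaTek's or the TEE vendor's code. The package format, the `TALoader` class and the HMAC-based signature (standing in for the vendor's asymmetric signature) are all assumptions of this example. A loader that only checks the vendor signature accepts an older build that is still correctly signed; a per-application version floor that only ever moves upwards rejects it, which is the anti-rollback check whose absence the article describes.

```python
"""Anti-rollback check for trusted-application (TA) loading (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key standing in for the vendor's signing key. A real TEE verifies
# an asymmetric signature against a public key anchored in the chipset.
VENDOR_KEY = b"constructed-vendor-signing-key"


@dataclass(frozen=True)
class TAPackage:
    name: str
    version: int
    code: bytes
    signature: bytes


def _package_digest(name: str, version: int, code: bytes) -> bytes:
    """Bind name, version and code together so none can be swapped separately."""
    h = hashlib.sha256()
    h.update(name.encode())
    h.update(version.to_bytes(4, "big"))
    h.update(hashlib.sha256(code).digest())
    return h.digest()


def sign_package(name: str, version: int, code: bytes) -> TAPackage:
    """Vendor side: produce a correctly signed TA package."""
    sig = hmac.new(VENDOR_KEY, _package_digest(name, version, code), hashlib.sha256).digest()
    return TAPackage(name, version, code, sig)


class TALoader:
    """Device side. With enforce_rollback=False it behaves like the weak loader."""

    def __init__(self, enforce_rollback: bool = True):
        self.enforce_rollback = enforce_rollback
        # Highest version seen per TA. In hardware this belongs in a monotonic
        # counter or eFuse so software cannot reset it.
        self.version_floor = {}

    def load(self, pkg: TAPackage) -> bool:
        expected = hmac.new(
            VENDOR_KEY, _package_digest(pkg.name, pkg.version, pkg.code), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, pkg.signature):
            return False  # unsigned or tampered package: rejected by both loaders
        if self.enforce_rollback and pkg.version < self.version_floor.get(pkg.name, 0):
            return False  # genuine, but older than what already ran: downgrade blocked
        self.version_floor[pkg.name] = max(self.version_floor.get(pkg.name, 0), pkg.version)
        return True


def downgrade_scenario(enforce_rollback: bool) -> dict:
    """Install a vulnerable v1, update to a patched v2, then offer v1 again."""
    loader = TALoader(enforce_rollback)
    old = sign_package("soter", 1, b"build with the old bug")      # constructed
    new = sign_package("soter", 2, b"patched build")               # constructed
    forged = TAPackage("soter", 3, b"not vendor code", b"\x00" * 32)  # bad signature
    return {
        "install_v1": loader.load(old),
        "update_v2": loader.load(new),
        "reinstall_v1": loader.load(old),  # the downgrade the article describes
        "forged_v3": loader.load(forged),  # always rejected: signature check fails
    }


if __name__ == "__main__":
    print("signature only:", downgrade_scenario(False))
    print("with anti-rollback:", downgrade_scenario(True))
```

The point of the scenario is the `reinstall_v1` entry: both loaders reject the forged package, because signature verification catches it, but only the loader with a version floor refuses the genuine, correctly signed older build. Signature checks prove who produced a package, not that it is the newest one, so rollback protection has to be a separate, monotonic check.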

“[…] an attacker can circumvent security fixes made by Xiaomi or MediaTek via reputable programs by downgrading to unpatched [security] versions,” said Check Point researcher Slava Makkaveev in a report shared with The Hacker News.

In addition, several vulnerabilities were identified in “thhadmin”, a legitimate application responsible for security management, which could be abused by other malicious applications to leak stored keys or to execute arbitrary code (malware) within the application.

“We have discovered a number of vulnerabilities that could allow forging of payment packages or disabling the payment system directly from an unprivileged Android application,” Makkaveev said in a statement shared with The Hacker News.

The weaknesses affect a legitimate trusted application developed by Xiaomi to implement the cryptographic operations of a service called Tencent Soter, a “biometric standard” that serves as an embedded mobile payment framework for authorizing transactions in third-party apps using WeChat and Alipay.

A heap overflow vulnerability in that trusted application could be used to interfere with the communication between the application and the TEE in the processor.

That is not all. By chaining the downgrade attack described above to replace the trusted application with an older version that contained an “arbitrary read” vulnerability (a flaw that lets an attacker read memory they should not have access to), Check Point found that it was possible to extract the private keys used to sign payment packages.

“The vulnerability […] completely compromises the Tencent soter platform, allowing an unauthorized user to sign fake payment packages,” Check Point noted.

So, should we worry about the MediaTek chip bug and the related application problem on Xiaomi?

Absolutely not. Following responsible disclosure, Xiaomi released patches addressing CVE-2020-14125 on June 6, 2022. “The downgrade issue, which was confirmed by Xiaomi to belong to a third-party vendor, has been fixed,” Check Point added.

So the bug has already been fixed, at least according to Check Point.

If you notice that an application has “gone back” to a previous version, open the Play Store, check for updates and update the application manually.