Major security flaws were discovered in two Xiaomi phones, including the Xiaomi Redmi Note 9T and the Redmi Note 11 models. According to Check Point, flaws were found in the devices that were powered by MediaTek chipsets when they were conducting a security analysis of a Chinese handset maker’s Kinibi Trusted Execution Environment or TEE.
TEE is secure enclaves inside the main processor used to process and store sensitive information, including cryptographic keys. They help main confidentiality and integrity.
The Israeli cyber security firm discovered that a trusted app could be downgraded on a Xiaomi device if there was a lack of control. Therefore, it enabled the attacker to replace the newer and more secure app with one that was old and vulnerable.
Due to this, Researcher Slava Makkaveev from Check Point believes that the attacker can bypass security fixes Xiaomi or MediaTek make in trusted apps and downgrade them to their older unpatched versions.
Furthermore, the researchers have also found a vulnerability in thhadmin, a trusted app responsible for security management. Attackers could abuse and leak stored keys or execute arbitrary code and pin it on the app.
The weakness aims at trusted apps developed by Xiaomi and implement cryptographic operations related to service, Tencent Soter, which is a biometric standard. It functions as an embedded mobile payment framework and authorizes transactions made on third-party apps that use WeChat and AliPay.
However, a heap overflow vulnerability on the soter trusted app could be exploited to induce a denial of service by an Android app that may not have permission to communicate with TEE directly.
Furthermore, chaining the previously mentioned downgrade attack in an attempt to replace the soter trusted app with an old and vulnerable version could make extracting private keys used to sign payment packages possible, according to Check Point
- Xiaomi Releases the Xiaomi Mix Fold 2 as a Competitor for the Galaxy Z Fold 4
- The Xiaomi Mi12S Ultra Comes With a Huge Camera Sensor