The vulnerability is due to insecure network traffic to and from guard provider and the use of multiple SDKs.
Increased use of multiple SDKs within the same app could cause the problem such as crashes, viruses, malware, privacy breaches, battery drain, slowdown, and more.
The issue to this fact- A vulnerability in Xiaomi’s pre-installed security app ‘Guard Provider’ could expose users to Man-in-the-middle (MitM) attacks.
The big picture- Researchers from Check Point detected a vulnerability in Xiaomi’s pre-installed security app named Guard Provider that exposes users to MitM attacks.
1.) The vulnerability is due to insecure network traffic to and from ‘Guard Provider’ and the use of multiple SDKs.
2.) As a result, attackers connected to the same WiFi as users can perform Man-in-the-Middle (MitM) attacks.
3.) Due to the use of multiple SDKs, attackers could also inject malware.
However, increased use of multiple SDKs within the same app makes could cause problems such as crashes, viruses, malware, privacy breaches, battery drain, slowdown, and more.
“According to a recent report though, the use of multiple SDKs in a single app is far more common than one might think. On average a single app now has over 18 SDKs implemented within the same app. But by doing so, developers leave organizations and users exposed to potential pitfalls that can be exploited by threat actors to interfere with the regular operation of the device,” the checkpoint researchers wrote.
Actions were taken to this- Check Point researchers notified Xiaomi about the security issue, and Xiaomi quickly released a patch to fix the vulnerability.