Users of major Android brand warned over 20 ‘significant’ invisible threats lurking on their phones stealing data

DOZENS of security vulnerabilities have been discovered on a popular brand of Android devices, a cyber firm has warned.

The security gaps affect everyday apps like the Gallery, Video Player, Bluetooth, Phone Services, the Cloud, and several security settings.

1

Popular Chinese brand Xiaomi, whose devices run on Google's Android software, are harbouring invisible threats that could jeopardise its users data security, firm Oversecured has said.

In a report shared with The Hacker News, Oversecured wrote: "Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users. 

"The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data."

The 20 security holes can be found within different apps and components, including:

READ MORE ON ANDROID

GOOG JOB

'Why on earth do we need this?': Android users baffled by bizarre Google feature

BAD CALL

Android owners warned over invisible attack that can empty accounts without notice

• Gallery (com.miui.gallery)
• GetApps (com.xiaomi.mipicks)
• Mi Video (com.miui.videoplayer)
• MIUI Bluetooth (com.xiaomi.bluetooth)
• Phone Services (com.android.phone)
• Print Spooler (com.android.printspooler)
• Security (com.miui.securitycenter)
• Security Core Component (com.miui.securitycore)
• Settings (com.android.settings)
• ShareMe (com.xiaomi.midrop)
• System Tracing (com.android.traceur), and
• Xiaomi Cloud (com.miui.cloudservice)

One of the larger flaws discovered could allow hackers to leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.

The Mi Video app has been found to send Xiaomi account information, such as username and email address via broadcasts - which could be intercepted by a third-party app.

While a memory corruption flaw in the GetApps app, that Xiaomi was reportedly alerted to over a year ago, also remains unchanged.

Most read in Tech

PLANE MYSTERY

Fresh hope to find MH370 as scientists propose sea explosions to locate plane

NEED FOR SPEED

Virgin Media says 'simplistic' Wi-Fi trick may provide instant speed boost

KNOCK OUT

Amazon Fire TV Stick owners receive free upgrade with 10 new sports channels

STARRY-EYED

Exact time you could spot Northern Lights TONIGHT - and best places to see them

System changes made by the Chinese handset maker to include more features and functionality have lead to these flaws, according to Oversecured.

STAY PROTECTED

The team reported the most recently discovered cyber flaws to Xiaomi in late April.

Users are encouraged to keep their devices updated with the latest software to ensure they - and their data - is well protected.

A Xiaomi spokesperson said: "Protecting the data security and privacy of our users is the top priority.

"Xiaomi has remediated all vulnerabilities reported by the Oversecured team and has ensured that no user is exposed to risk posed by these vulnerabilities.

"Users are always advised to update their devices to the latest version of software which offers security updates."

Must-know Android tips to boost your phone

Get the most out of your Android smartphone with these little-known hacks:

• Secret button that boosts your battery and can save money
• Lazy hack to free up space on your phone
• Apps to delete for extra storage
• Simple trick to get from A to B faster on Google Maps
• Free upgrade protects Android users from scam apps
• Clever trick lets you respond to calls WITHOUT talking