Check Point Research (CPR) said that global smartphone company Xiaomi has fixed some bugs in its mobile payment system identified by cyber security researchers.
Left unattended, an attacker could steal WeChat Pay controls and the private keys used to sign payment packages, and an unprivileged Android app could create and sign fake payment packages.
Watch Video: VLC Media Player Banned in India- Why?
Cyber-security researchers disclosed their findings to Xiaomi, which acknowledged and released an immediate fix for the bug.
“We have discovered a set of vulnerabilities that could allow payment packages to be created or payment systems to be directly disabled,” said Check Point security researcher Slava Makaviev.
If not patched, more than 1 billion users could have been affected by the bug.
“We were able to hack into WeChat Pay and implement a fully working proof of concept. Our study marks the first time Xiaomi’s trusted applications are being reviewed for security issues,” said Makaviev.
Watch Video: Samsung Galaxy Flip 4 First Look
The cyber-security company immediately disclosed the findings to Xiaomi, which “acted swiftly to issue a fix”.
The devices studied by CPR were powered by MediaTek chips.
The team described two ways to attack trusted code.
Watch Video: How to Use AI to Create Your Own Art Online
“First of all, from an unprivileged Android app, where the user installs a malicious application and launches it. The app extracts the keys and sends a fake payment packet to steal the money,” the CPR team said.
Second, if the attacker has target equipment in his hands.
“The attacker rooted the device, then downgraded the trust environment, and then ran code to create a fake payment package without any applications,” it added.
read the breaking news And today’s fresh news Here