Xiaomi, the Chinese smartphone manufacturer many refer to as the "Apple of China," can silently install any app on your device, according to a Computer Science student and security enthusiast from the Netherlands. Thijs Broenink started investigating a mysterious pre-installed app, dubbed AnalyticsCore.apk, that constantly runs in the background and reappears even if you try and delete it.
The student decided to ask about the presence of the AnalyticsCore app on the company’s support forum without success. At this point, Broenink decided to do a reverse engineering of the code and discovered that found that the app checks for a new update from the Xiaomi server every 24 hours.
The app sends out mobile device identification data including Model, IMEI, MAC address, Nonce, Package name as well as signature.
The app sends out mobile device identification data including Model, IMEI, MAC address, Nonce, Package name as well as signature.
If the app finds on the server more recent apk with the filename “Analytics.apk,” it will automatically download and install it in the background without user interaction.
How does the AnalyticsCore.apk chack the authenticity of an update file? What happens if an attacker substitute the app with a trojanized version?
“The question is then: does it verify the correctness of the APK, and does it make sure that it is in fact an Analytics app? If it does not, that means Xiaomi can install any app on your device it wants, as long as it’s named Analytics.apk.” Broenink wrote in a blog post.
The student hasn’t discovered the real purpose of the AnalyticsCore app, it sounds like a sort of backdoor that opens million Xiaomi devices to cyber attack.
Such kind of mechanism could be exploited by intelligence agencies to deliver surveillance software onto millions of Xiaomi devices.
If you own a Xiaomi device yourself, you might want to block all access to Xiaomi related domains, because by far this isn’t the only request to a Xiaomi site. I use AdAway for this. It does require root access, but that should be no problem if you run the International ROM.
No comments:
Post a Comment