
A mysterious backdoor has been discovered on Xiaomi Android smartphones


by sigismund » 2016-09-16 15:52:24


Xiaomi can remotely install any application on the device without the user's knowledge.


As we know, Android manufacturers such as Xiaomi, HTC, Samsung and OnePlus do not use a "clean" version of the operating system, but custom firmware (such as CyanogenMod, Paranoid Android, MIUI, etc.) with pre-installed applications and themes. In theory, these programs are designed to improve the performance of smartphones and add functionality. However, some applications are inherently backdoors.

Thijs Broenink, a student from the Netherlands, decided to find out what the unknown program AnalyticsCore.apk, pre-installed on his Xiaomi Mi4 smartphone, was. The app runs in the background 24 hours a day, 7 days a week, and restores itself after attempts to remove it.

Broenink asked on the Xiaomi support forum what the function of AnalyticsCore is. Without waiting for a response, he reverse-engineered the application. As it turned out, it connects to the manufacturer's official server and checks for available updates once every 24 hours. Each time it connects, AnalyticsCore sends the server information about the device, including the model name, IMEI, MAC address and a nonce.

If the server has an updated application with the file name Analytics.apk, it is downloaded and installed on the device in the background without any involvement from the user. "I have not found any evidence in the AnalyticsCore code itself, but I assume that a Xiaomi app with elevated privileges performs the installation process in the background," said Broenink.

The question arises whether the smartphone verifies the authenticity of the APK, and how it determines that the downloaded application really is AnalyticsCore. According to the researcher, no APK verification mechanisms exist, and thus Xiaomi can remotely and silently install any app on your device by placing it on its server under the name AnalyticsCore.apk.

Broenink was unable to determine the purpose of the program. Information about it cannot be found online or even on the manufacturer's official website, so we can only guess why Xiaomi installs it on its devices. Besides the company itself, the backdoor can be used by government intelligence agencies or cybercriminals.

Because AnalyticsCore receives updates over the unsecured HTTP protocol, attackers can carry out a "man-in-the-middle" attack. "Personally, I think that this is a vulnerability, because [the manufacturer] knows the IMEI and model of your phone, and they can install any APK specifically for this device," said the researcher.

Xiaomi smartphone owners can protect themselves by using a firewall to block connections to any associated domains.
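An added example, not part of the original post or of Broenink's research: a check over web-proxy logs for the two network behaviours described above, an APK fetched over cleartext HTTP and device identifiers sent in a cleartext query string. The log format, host names and query-parameter names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines (not real traffic):
# "<client> <method> <url> <status> <content-type>"
SAMPLE_LOG = """\
10.0.0.21 GET http://updates.example.invalid/check?model=PhoneX&imei=000000000000000&mac=02:00:00:00:00:01&nonce=ab12 200 application/json
10.0.0.21 GET http://cdn.example.invalid/files/Analytics.apk 200 application/vnd.android.package-archive
10.0.0.34 GET https://store.example.invalid/app/reader.apk 200 application/vnd.android.package-archive
10.0.0.34 GET http://news.example.invalid/index.html 200 text/html
10.0.0.50 GET http://cdn.example.invalid/get?id=77 200 application/vnd.android.package-archive
"""

APK_MIME = "application/vnd.android.package-archive"
# Assumed parameter names for device identifiers; adjust to what your traffic shows.
ID_PARAMS = {"imei", "mac", "serial", "android_id"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def classify(line):
    """Return (client, url, reasons) for a cleartext request worth reviewing, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, _method, url, _status, ctype = m.groups()
    parts = urlsplit(url)
    if parts.scheme != "http":  # TLS-protected requests are out of scope here
        return None
    reasons = []
    # An APK served by file extension or by MIME type, with no transport integrity.
    if parts.path.lower().endswith(".apk") or ctype == APK_MIME:
        reasons.append("apk-over-http")
    # Device identifiers visible to anyone on the network path.
    leaked = sorted(ID_PARAMS & {k.lower() for k in parse_qs(parts.query)})
    if leaked:
        reasons.append("device-ids-in-clear:" + ",".join(leaked))
    return (client, url, reasons) if reasons else None

def scan(log_text):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, "; ".join(reasons), url)
```

The MIME-type check catches APK downloads whose URL does not end in `.apk`, as in the last constructed line.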