Everyone recognizes the excellent work done by Xiaomi in its MIUI interface. With frequent updates, this search always brings the latest news and features.
But MIUI is not without its problems, and a security company has detected serious flaws in this interface, which can expose user data and even smartphones themselves.
Those who discovered these shortcomings were the security company eScan, which in its publication details all the problems found at MIUI. These are serious flaws that Xiaomi will have to fix soon, otherwise, users and their devices will be vulnerable to data theft.
One of the most serious flaws is in the MI-Mover application. This is dedicated to copying and migrating data between an Android device and a Xiaomi smartphone. Being a normal function, no problem would be expected. The truth is that when MI-Mover is used between two Xiaomi smartphones this one copies more data than expected, bringing sensitive and confidential information.
This in practice can lead to data theft if an attacker has physical access to the smartphone, thus copying all the information to the victim. Android has sandbox mechanisms to isolate applications and their data, but MIUI seems to bypass this security mechanism.
A second major flaw lies in the way MIUI treats applications with administrator permissions on Android. Typically, they have access to sensitive operating system zones and therefore require a PIN or password to be removed.
What can be seen in MIUI is that these applications can be removed without any authentication. This can lead to something as simple as removing Device Manager from Android or any other anti-theft application.
There are a number of other issues reported, such as the Work-Profile Admin app that is only hidden when it is uninstalled, and the spaces for professional profiles that can not be distinguished from personal ones.
The truth is that these failures require physical access to a Xiaomi smartphone that does not have an active password to exploit, but that does not make them less serious. Xiaomi has already reacted and advises users to protect their devices with a simple password.
It was not advanced by Xiaomi if it would deal with these problems immediately, but it is expected that MIUI 9, to be released soon, will correct all these flaws.