- eScan in a 36-page report claims MIUI is not secure
- It points to system app flaws affecting user data security
- Xiaomi has responded to the eScan report in a statement
Security solutions company eScan on Thursday in a 36-page report alleged that Xiaomi’s MIUI custom Android ROM has multiple flaws that affected the security of user data. Xiaomi system apps such as the uninstall mechanism and Mi Mover were some of the flawed aspects of MIUI, the report stated. The Chinese smartphone company has refuted the allegations however, in a statement to Gadgets 360.
Any perpetrator who gains physical access to an unlocked phone, is capable of malicious activity and an unlocked phone is greatly at risk of user data being stolen.
This is why, we at Xiaomi encourage our users to be more aware of guarding their private data using PIN, Pattern locks, or the onboard fingerprint sensor available on most of our smartphones. In fact, prompting users to enable fingerprint lock is a standard step when setting up a Xiaomi smartphone for first use.
Mi Mover is designed to be a convenient tool for our users to move their data from an old smartphone to a new phone. In order for Mi Mover to initiate this process, a password is required.
More importantly, in order to use Mi Mover, the smartphone has to be unlocked.
Thus, there are two layers of protection for the user – phone lock and a Mi Mover password that are necessary.
Further, as per the Escan report, “As part of exploiting the issue you describe, someone needs to take control of a user’s mobile phone and get that phone in an unlocked state. This is a very high barrier to entry and seems unlikely to happen commonly, making this more of a theoretical attack. The protection, in this case, is to not allow someone to steal and unlock your phone.