Xiaomi Corporation is a Chinese electronics company. Xiaomi emerged the top smartphone brand in India in terms of units shipped, with a 29.7 per cent market share at the end of the second quarter of 2018, according to IDC India

The company sold 118.7 million smartphones last year. Mint Browser has over 500,000 installs on Google Play.

Xiaomi Pre-Installed Security Application Vulnerable to MiTM Attacks.

Checkpoint research, Man in the middle attack vulnerability was patched by xiomi in the inbuilt security application ‘Guard Provider Application’.

As explained by Check Point, the vulnerability is due to “SDK Fatigue” which describes the overuse of SDKs within apps making them a lot more exposed to issues like “crashes, viruses, malware, privacy breaches, battery drain, slowdown, and many other problems.”

Xiomi pre-installed Mint browser vulnerability

Security researcher Arif Khan on Friday disclosed that the flaw (CVE-2019-10875) works with both HTTP and HTTPS websites and it could be used to show any domain name in the address bar.

When end user try to browse a link with ‘q’ parameter. The browser will display only ‘q’ parameter link instead of whole parameter.

https://www.google.com/?q=www.phisingsite.com
The website www.google.com can thus pretend to be www.phisingsite.com because of the way, the Browser handles the query parameter ‘q’ of the URL. It just happens with the parameter q.  The full report is here.

Credit : Arif Khan

Xiaomi Updated Browser’s URL Spoofing attack

Bug hunter Reneva, he also used the Khan’s method and bypass in updated Mint browser version 1.6.3 released on 5th April. Xiomi fails to update the vulnerability.

Credit : Arif Khan

Xiaomi again tried to patch the vulnerability with the release of Mint Browser 1.6.4. However, this counts as another failure at properly fixing CVE-2019-10875.

Renwa shared a new method to bypass the URL spoofing in its Mint Browser. The video below shows how the security researcher loaded a Yahoo! page but the address bar indicates the Facebook mobile web page.

Credit : Arif Khan

Thanks to Arif khan and Reneva for providing great research with proof of concept.

LEAVE A REPLY

Please enter your comment!
Please enter your name here