
Pre-loaded malware found on Xiaomi Mi 4 device, among other issues


Bluebox Security tested a popular smartphone in China and found a number of major security issues, including pre-installed malicious apps and numerous vulnerabilities.  

The smartphone, a Xiaomi Mi 4 LTE device, was first verified to be a legitimate device by Xiaomi, the world's third-largest smartphone distributor. Andrew Blaich of Bluebox revealed Thursday that the phone ran a "forked," or not certified, form of Android largely based on the MIUI ROM.

In addition to detecting pre-loaded “suspicious apps” on the device, categorized as malware, spyware or adware, Bluebox saw that the phone was vulnerable to every bug it scanned for, except Heartbleed. Several conflicting API build properties were also observed, meaning it was “unclear if [the] build of the software was meant for testing or release to consumers,” Blaich explained.

Bluebox disclosed the issues to Xiaomi, which did not follow up with the security firm.

UPDATE: Despite Bluebox's efforts to check the authenticity of the device, Xiaomi said that the firm's security analysis was actually done on a counterfeit smartphone.
