
Xiaomi Phones With MediaTek Chips Found Vulnerable to Forged Payments

Security flaws were found in Xiaomi's Redmi Note 9T and Redmi Note 11 models. Hackers could exploit these vulnerabilities to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices.

Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker’s Kinibi Trusted Execution Environment (TEE).

A TEE refers to a secure enclave inside the main processor that’s used to process and store sensitive information such as cryptographic keys to ensure confidentiality and integrity.

Loophole Found In Xiaomi App

The Israeli cybersecurity firm discovered that hackers can downgrade a trusted app on a Xiaomi device due to a lack of version control.

In essence, this allows an attacker to replace a newer, secure version of an app with an older, vulnerable variant.

Therefore, an attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps by downgrading them to unpatched versions. The firm also identified several flaws in the admin, a trusted app that’s responsible for security management.

A malicious app could also abuse this vulnerability to leak stored keys or to execute arbitrary code in the context of the app. "We discovered a set of vulnerabilities that could allow the forging of payment packages or disabling the payment system directly from an unprivileged Android application," Check Point said.

The weaknesses target a trusted app developed by Xiaomi to implement cryptographic operations related to a service called Tencent Soter. It is a biometric standard that functions as an embedded mobile payment framework to authorize transactions on third-party apps using WeChat and Alipay.

Soter Vulnerability Induces Access

An overflow vulnerability in the soter trusted app meant that it could be exploited to induce a denial-of-service by an Android app that has no permission to communicate with the TEE directly.

However, by chaining the aforementioned downgrade attack to replace the soter trusted app with an older version that contained an arbitrary read vulnerability, Check Point found it was possible to extract the private keys used to sign payment packages.

The vulnerability completely compromises the Tencent soter platform, allowing an unauthorized user to sign fake payment packages.

Xiaomi, following responsible disclosure, rolled out patches to address CVE-2020-14125 on June 6, 2022. The firm is also fixing the downgrade issue.
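The missing version control behind the downgrade issue can be shown with a small model of a trusted-app loader. This is an added example, not code from Xiaomi, MediaTek or Check Point. The `Loader` class, the image layout, the key and the sample images are all constructed assumptions, and HMAC-SHA256 stands in for the vendor's real signature scheme.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the vendor signing key. Real trusted apps carry an
# asymmetric signature; HMAC-SHA256 is swapped in so the example runs offline.
VENDOR_KEY = b"constructed-demo-key"

def sign_image(name: str, version: int, code: bytes) -> bytes:
    """Build a signed image: 16-byte name, 4-byte version, code, 32-byte tag."""
    header = name.encode().ljust(16, b"\0") + struct.pack(">I", version)
    body = header + code
    return body + hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()

def parse_verified(image: bytes):
    """Return (name, version) if the tag is valid, else raise ValueError."""
    if len(image) < 20 + 32:
        raise ValueError("image too short")
    body, tag = image[:-32], image[-32:]
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    name = body[:16].rstrip(b"\0").decode()
    (version,) = struct.unpack(">I", body[16:20])
    return name, version

class Loader:
    """Hypothetical loader; min_versions models rollback-protected storage."""
    def __init__(self, enforce_rollback: bool):
        self.enforce_rollback = enforce_rollback
        self.min_versions = {}  # app name -> highest version ever loaded

    def load(self, image: bytes) -> int:
        # A valid signature alone does not stop a downgrade: the old build
        # was genuinely signed by the vendor too.
        name, version = parse_verified(image)
        floor = self.min_versions.get(name, 0)
        if self.enforce_rollback and version < floor:
            raise PermissionError(f"{name} v{version} is older than v{floor}")
        # Ratchet the floor upward only; it never moves back down.
        self.min_versions[name] = max(floor, version)
        return version

# Constructed sample images: an old build and its patched successor.
SOTER_OLD = sign_image("soter", 1, b"old build")
SOTER_NEW = sign_image("soter", 2, b"patched build")
```

With `enforce_rollback=False` the validly signed older image still loads after the newer one, which models the downgrade described in the article; with it enabled the same image is rejected.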
