"Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments"

Xiaomi Redmi Note 9T and Redmi Note 11 models have security flaws that could be exploited to disable the mobile payment mechanism and forge transactions via a malicious Android app installed on the devices. Researchers at Check Point discovered the flaws in MediaTek chipset-powered devices during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution Environment (TEE), which is a secure enclave within the main processor that processes and stores sensitive information such as cryptographic keys. Due to a lack of version control, the researchers discovered that a trusted app on a Xiaomi device could be downgraded, allowing an attacker to replace a newer, secure version of an app with an older, vulnerable variant. As a result, an attacker can circumvent security fixes implemented by Xiaomi or MediaTek in trusted apps by reverting to unpatched versions. Furthermore, several vulnerabilities have been discovered in "thhadmin," a trusted security management app, which a malicious app could exploit to leak stored keys or execute arbitrary code in the context of the app. They discovered a set of flaws that could allow payment packages to be forged or the payment system to be disabled directly from an unprivileged Android app. This article continues to discuss the discovery, potential exploitation, and impact of the security vulnerabilities in Xiaomi Redmi Note 9T and Redmi Note 11 models.

THN reports "Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments"