Millions Of Xiaomi Phones at Risk Of Remotely Installed Malware

Zack Whittaker, reporting for ZDNet: Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system. Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level.

Re:News but few here probably have such phones

A lot of people import Xiaomi phones from China. They offer outstanding value for money and are amazingly high quality for the price.

I use a Redmi Note 2 Prime which I bought for the equivalent of about £130 a year ago. The 5.5inch 1080p IPS screen is very good, the 13mp camera fives great photographs, and the 2.2GHz 8 core Helio X10 processor more than meets my needs. The battery life is good, and it also has a MicroSD expansion slot, which many phones annoyingly lack. MiUI is also a lot better than Android, except for the fact that they bizarrely chose to disable the mass storage mode when you connect the phone to your computer. Xiaomi are also much better at supporting their phones in the long term, and provide software updates for many years.

Overall, I really can't understand why more people don't import Xiaomi phones since an equivalent phone in the UK would be about 2.5x to 4x the price.