Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor (thehackernews.com)
Xiaomi, the Chinese smartphone manufacturer many refer to as the "Apple of China," can silently install any app on your device, according to a Computer Science student and security enthusiast from the Netherlands. Thijs Broenink started investigating a mysterious pre-installed app, dubbed AnalyticsCore.apk, that constantly runs in the background and reappears even if you try and delete it. The Hacker News reports: "After asking about the purpose of the AnalyticsCore app on the company's support forum and getting no response, Thijs Broenink reverse engineered the code and found that the app checks for a new update from the company's official server every 24 hours. While making these requests, the app sends device identification information with it, including the phone's IMEI, Model, MAC address, Nonce, Package name as well as signature. If there is an updated app available on the server with the filename "Analytics.apk," it will automatically get downloaded and installed in the background without user interaction. Broenink found that there is no validation at all to check which APK is getting installed to a user's phone, which means there is a way for hackers to exploit this loophole. This also means Xiaomi can remotely and silently install any application on your device just by renaming it to "Analytics.apk" and hosting it on the server. Ironically, the device connects and receives updates over an HTTP connection, exposing the whole process to Man-in-the-Middle attacks."
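An added example, not from the article or from Xiaomi's code: a Python model of the checks an updater would need before installing a downloaded package, since the summary above reports that none were made and that the file name alone decided what got installed. The package name, certificate bytes, URLs and manifest digest are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass
from urllib.parse import urlparse

# All values below are constructed for illustration; none come from the vendor.
EXPECTED_PACKAGE = "com.example.analytics"  # hypothetical package name
PINNED_SIGNER_SHA256 = hashlib.sha256(b"constructed-vendor-cert").hexdigest()

@dataclass
class Update:
    url: str              # where the updater fetched the file
    filename: str         # name the server gave it (never a trust input)
    package: str          # package name read from the APK manifest
    signer_cert: bytes    # bytes of the APK signing certificate
    payload: bytes        # the downloaded file
    manifest_sha256: str  # digest announced in an authenticated manifest

def rejection_reasons(u: Update) -> list[str]:
    """Return every reason to refuse the install; an empty list means accept."""
    reasons = []
    if urlparse(u.url).scheme != "https":
        reasons.append("transport is not HTTPS")
    if u.package != EXPECTED_PACKAGE:
        reasons.append("package name does not match the updater's own package")
    signer = hashlib.sha256(u.signer_cert).hexdigest()
    if not hmac.compare_digest(signer, PINNED_SIGNER_SHA256):
        reasons.append("signing certificate is not the pinned one")
    digest = hashlib.sha256(u.payload).hexdigest()
    if not hmac.compare_digest(digest, u.manifest_sha256):
        reasons.append("payload digest differs from the manifest")
    return reasons

def sample(url, package, cert, payload=b"constructed-apk-bytes"):
    # The manifest always announces the digest of the genuine constructed payload.
    return Update(url, "Analytics.apk", package, cert, payload,
                  hashlib.sha256(b"constructed-apk-bytes").hexdigest())

GOOD = sample("https://updates.example.com/Analytics.apk",
              EXPECTED_PACKAGE, b"constructed-vendor-cert")
# Same file name, but fetched over HTTP with a different package, signer and content.
SWAPPED = sample("http://updates.example.com/Analytics.apk",
                 "com.example.other", b"constructed-other-cert", b"other-bytes")

if __name__ == "__main__":
    for name, upd in (("good", GOOD), ("swapped", SWAPPED)):
        print(name, rejection_reasons(upd) or "accept")
```

Both samples carry the same file name, which is why the name plays no part in the decision.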
Ironically, the device...
I think you mean predictably.
... who would expect something like that from a company in China... also Google can do the *exact* same thing...
So I can run a free wifi network and man-in-the-middle anyone with a Xiaomi phone who connects to it and install anything I want on their phone.
That's what you get from a wholly-Chinese company.
And no, using Chinese Contract Manufacturing is NOT the same. Contract Manufacturers don't control the firmware, nor have the signing keys or software distribution abilities.
And anybody and anything that half-way looks at your phone. Why doesn't the CFAA apply to these companies forcibly installing unwanted software on my pocket computer and making it impossible to uninstall that software?
..And collect that $200,000 bounty
Now, if you'll excuse me, I have backups to corrupt.
Surely you control firmware. But do you control electronic components? Sure, that there are no "hidden few hundred lines of code" in electronics, that would overlay whatever there is in firmware or software?
Yes, it does.
Should have root, then use a file explorer that supports text editing or another editing app to edit the hosts file (/system/etc/hosts).
AdAway ad blocker for Android also works with the hosts file.
I'm not certain if you need root for this but you can also push and pull the hosts file using adb.
1) Android's system partition is, indeed, write-protected. Users can never write to it. However, there has to be a partition with RW rights for data storage, and that's also where all userland apps reside. This is important because users do, in fact, install software regularly, and also updates are pushed out fairly consistently. Having to remount the drive every time would be way more hassle than it's worth if you wanted it to be actually secure in any fashion.
2) All of this is beside the point because the manufacturer is doing it. They could embed that behavior in the motherboard, in a hardware chip separate from the main CPU, they could put it in the firmware, they can do anything. Your "solution" is for a problem completely orthogonal to the issue at hand.