Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

CheckPoint researched the payment system built into Xiaomi smartphones powered by MediaTek chips. From the analysis, they identified vulnerabilities that can allow the forging of payment packages or disabling the payment system directly from an unprivileged Android application.

Xiaomi’s TEE

The trusted execution environment (TEE) aims to process and store sensitive security information such as cryptographic keys and fingerprints. TEE protection is based on hardware extensions (such as ARM TrustZone) that keep the TEE world safe even on rooted devices or those compromised by malware.

The most widely deployed TEE implementations for mobile devices are Qualcomm’s Secure Execution Environment (QSEE) and Trustonic’s Kinibi. The TEE creates a secure virtual world managed by a trusted OS that runs trusted apps; each trusted app implements one specific security feature.

Xiaomi devices on Qualcomm chips use the QSEE trusted OS; MediaTek-based devices use Kinibi. The researchers tested a Xiaomi Redmi Note 9T 5G running MIUI Global 12.5.6.0.

Trusted App Format

The researchers explain that a trusted app can carry multiple signatures following the magic fields. The magic fields are the same across all trusted apps on the device, and they also match the fields of the trusted apps on other devices, such as the Xiaomi T11 and Xiaomi Note 8 Pro.

Trusted app format

“An attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps by downgrading them to unpatched versions,” Check Point said.

Xiaomi’s trusted apps follow the GlobalPlatform TEE Internal Core API Specification. Each app exports the “TA Interface” functions, which are the entry points that create the app instance, notify the instance that a new client is connecting, notify it when the client invokes a command, and so on.
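The downgrade problem described above exists because the loader accepts any correctly signed version of a trusted app. As an added example (not Check Point’s, Xiaomi’s or MediaTek’s code), here is a minimal anti-rollback check a TEE loader could apply before accepting a trusted-app image; the header layout, magic value, UUID and version table are all constructed for this example and do not reflect the real Kinibi format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified trusted-app header for this example only; it is not
 * the real Kinibi/MediaTek image layout. Signature verification is assumed to
 * have already passed before this anti-rollback check runs. */
#define TA_MAGIC 0x54415F41u   /* constructed magic value */
#define SOTER_UUID_BYTES 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, \
                         0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f

typedef struct {
    uint32_t magic;
    uint32_t version;      /* build number; a valid update only increases it */
    uint8_t  uuid[16];
} ta_header_t;

/* Per-TA minimum accepted version. In a real TEE this would live in
 * replay-protected storage; here it is a constructed in-memory table. */
typedef struct { uint8_t uuid[16]; uint32_t min_version; } rollback_entry_t;
static rollback_entry_t rollback_db[] = { { { SOTER_UUID_BYTES }, 3 } };

static rollback_entry_t *rollback_lookup(const uint8_t uuid[16]) {
    for (size_t i = 0; i < sizeof rollback_db / sizeof rollback_db[0]; i++)
        if (memcmp(rollback_db[i].uuid, uuid, 16) == 0) return &rollback_db[i];
    return NULL;
}

/* Returns 1 if the image may be loaded, 0 otherwise. On success the stored
 * minimum is ratcheted forward so an older (still validly signed) image of
 * the same TA is refused from then on. */
int ta_load_allowed(const uint8_t *blob, size_t len) {
    ta_header_t h;
    if (blob == NULL || len < sizeof h) return 0;
    memcpy(&h, blob, sizeof h);                 /* no unaligned reads of blob */
    if (h.magic != TA_MAGIC) return 0;
    rollback_entry_t *e = rollback_lookup(h.uuid);
    if (e == NULL) return 0;                    /* unknown TA: refuse */
    if (h.version < e->min_version) return 0;   /* downgrade attempt */
    if (h.version > e->min_version) e->min_version = h.version;
    return 1;
}

/* Builds a constructed soter image header and submits it to the loader. */
int try_load(uint32_t magic, uint32_t version) {
    ta_header_t h = { magic, version, { SOTER_UUID_BYTES } };
    uint8_t blob[sizeof h];
    memcpy(blob, &h, sizeof h);
    return ta_load_allowed(blob, sizeof blob);
}
```

Once version 5 has been accepted, a signed version 4 image is rejected even though its signature is still valid, which is the property the unpatched loader lacked.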

Tencent soter architecture

Xiaomi devices have an embedded mobile payment framework called Tencent Soter that provides an API for third-party Android applications to integrate the payment capabilities.

An unprivileged Android application could exploit the CVE-2020-14125 vulnerability to execute code in the soter trusted app and forge payment packets.

Xiaomi, following responsible disclosure, has rolled out patches to address CVE-2020-14125 on June 6, 2022. “The downgrade issue, which has been confirmed by Xiaomi to belong to a third-party vendor, is being fixed,” Check Point added.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
