Check Point examined the payment system built into Xiaomi smartphones running on MediaTek chips. The analysis identified vulnerabilities that could allow forging payment packages or disabling the payment system directly from a non-privileged Android application.

The analysis concerned Xiaomi's Trusted Execution Environment (TEE). A TEE is designed to process and store sensitive security information such as cryptographic keys and fingerprints. TEE protection depends on hardware extensions (such as ARM TrustZone) that keep the TEE world safe even on rooted or malware-infected devices. The most popular TEE implementations for mobile devices are Qualcomm Secure Execution Environment (QSEE) and Trustonic Kinibi. A TEE creates a secure virtual world managed by a trusted operating system that runs trusted applications, and each trusted application implements a specific security feature.

Xiaomi devices on Qualcomm chips use the QSEE trusted OS. MediaTek-based devices use Kinibi. The researchers tested the Xiaomi Redmi Note 9T 5G running MIUI Global 12.5.6.0 OS.

A trusted application can have multiple signatures that follow the magic fields, the researchers explain. The magic fields are the same in all trusted applications on the device. They also match those of the applications on all other devices, such as the Xiaomi T11 and the Xiaomi Note 8 Pro.

“An attacker can bypass security fixes from Xiaomi or MediaTek in trusted applications by downgrading them to invalid versions,” he said.
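
An added sketch, not code from the research or from Xiaomi, MediaTek or Trustonic, of why a valid signature alone does not stop an older trusted application from being accepted, and how a forward-only minimum-version counter closes that gap. The image layout, key and all names are assumptions made for this example, and HMAC stands in for the vendor signature.

```python
import hashlib
import hmac
import struct

# Assumed layout for this sketch only (not the Kinibi format):
# 4-byte magic | 4-byte big-endian version | payload | 32-byte tag
MAGIC = b"DEMO"
HEADER = struct.Struct(">4sI")
TAG_LEN = hashlib.sha256().digest_size
VENDOR_KEY = b"constructed-demo-key"  # stand-in for the vendor signing key

def build_image(version: int, payload: bytes) -> bytes:
    """Vendor side: produce a signed image (HMAC stands in for a signature)."""
    body = HEADER.pack(MAGIC, version) + payload
    return body + hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()

def parse_verified(image: bytes) -> int:
    """Check tag and magic; return the version or raise ValueError."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("image too short")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    magic, version = HEADER.unpack_from(body)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return version

class Loader:
    """Loader with an optional monotonic minimum-version counter."""
    def __init__(self, enforce_rollback: bool):
        self.enforce_rollback = enforce_rollback
        self.min_version = 0  # would live in rollback-protected storage

    def load(self, image: bytes) -> bool:
        try:
            version = parse_verified(image)
        except ValueError:
            return False
        if self.enforce_rollback:
            if version < self.min_version:
                return False  # validly signed, but older than what already ran
            self.min_version = version  # ratchet forward only
        return True

OLD_TA = build_image(1, b"unpatched build")  # constructed sample images
NEW_TA = build_image(2, b"patched build")
```

A loader created with `enforce_rollback=False` accepts `OLD_TA` after `NEW_TA` because both carry valid tags; with `enforce_rollback=True` the older image is refused once the newer one has been loaded.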