The Cyber Division of the Indonesian Police's Polda Metro Jaya has asked the public to be wary of cellphones (HP) from China that use MediaTek chipsets, because cellphones with this chip technology were found to be prone to fake payments.
Quoted from CNBC Indonesia, according to the police, the vulnerability in question can be used to disable mobile payment mechanisms, and even to fake transactions via Android installed on the device. However, the police did not specify the brand of the cellphone in question, mentioning only the codes N9T and N11.
The increasing vulnerability of Chinese cellphones with MediaTek chips is said to stem from a lack of control over old versions. As a result, these weaknesses appear and can be used by hackers to carry out their actions.
Report from Check Point Research
The vulnerability was discovered through research conducted by Check Point Research (CPR), a research company based in the United States (US).
CPR stated that the cellphone brand in question was Xiaomi. It found a series of vulnerabilities in the Xiaomi applications responsible for managing device security and mobile payments, which are used by millions of users around the world.
As CPR wrote on its official website: “In this report, CPR (Mobile) researchers analyze the payment system installed on Xiaomi smartphones powered by MediaTek chips, which are very popular in China.”
CPR discovered vulnerabilities in its review that allow payment fraud or disable payment systems directly, from non-privileged Android apps.
CPR said that its research focused on the trusted applications of MediaTek-powered devices. The test device used was the Xiaomi Redmi Note 9T 5G with MIUI Global OS 126.96.36.199.
As a result, non-privileged Android apps can exploit the CVE-2020-14125 vulnerability to execute code in trusted WeChat apps and fake payment plans.
After the disclosure by CPR, this vulnerability was patched by Xiaomi in June 2022.
Additionally, CPR shows how a downgrade vulnerability in Xiaomi’s trusted execution environment (TEE) lets older versions of the WeChat app be used to steal private keys. This read vulnerability has also been patched and fixed by Xiaomi following CPR's disclosure of its research to the company.
This post was last modified on 23 October 2022 14:52