Malware-infested Xiaomi Mi 4 caught in the wild, looks genuine until deep inspection
posted by Paul.K / Mar 09, 2015, 4:12 AM
Bluebox's tests did indeed uncover more than a few worrisome items: an ad-pushing process; a mysterious app named Yt Service, whose developer package was named com.google.hfapservice even though the app has nothing to do with Google; a wide array of vulnerabilities; and conflicting build properties in the Android OS.
Additionally, Bluebox tested the authenticity of the Mi 4 unit it had in its hands by running Xiaomi's own verification app, and using CPU-Z to cross-reference the phone hardware with official specs. The general conclusion was that the device is a legitimate build, which has been tampered with somewhere along the line between manufacturer and retailer.
Bluebox informed Xiaomi of its findings and, a few days after, the OEM replied and both companies joined efforts in figuring out what was wrong with the unit. After numerous detailed pictures had been sent for analysis, and after the discovery of a hidden .apk folder on the phone's SD card, it became clear that the handset is a fake – a very, very good one at that.
The phone had all the stickers and labels in all the right places. According to the report, it looks physically like a genuine Mi 4, with some extremely minor build exceptions. It fooled CPU-Z and Xiaomi's AntiFake by using cloned versions of these apps. Secretly stored in the hidden .apk folder, the clones would activate whenever the user installed one of said apps on the device, actively replacing it. The cloned app would then report false data, making the phone appear to be genuine.
The bottom line? Well, if you have your heart set on a Xiaomi smartphone, your best bet is to buy from the company directly. Apparently, the “Apple of China” is now big enough to have near-identical, malware-infested copies of its handsets built and distributed around, so – heads up!
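Conflicting build properties of the kind Bluebox reports can be looked for from a workstation rather than with an app running on the suspect phone. The following is an added example, not code from Bluebox or Xiaomi: it parses `adb shell getprop` output and compares each `ro.*` property with the matching field of `ro.build.fingerprint`. The sample values and the choice of properties to compare are assumptions, since the report summary above does not list which properties conflicted.

```python
import re

# Constructed sample of `adb shell getprop` output. Values are illustrative
# placeholders, not taken from the device Bluebox examined.
SAMPLE_GETPROP = """\
[ro.product.brand]: [ExampleBrand]
[ro.product.name]: [example_phone]
[ro.product.device]: [example_dev]
[ro.build.version.release]: [4.4.4]
[ro.build.id]: [BUILD01]
[ro.build.version.incremental]: [5.1.22]
[ro.build.type]: [user]
[ro.build.tags]: [test-keys]
[ro.build.fingerprint]: [ExampleBrand/example_phone/example_dev:4.4.4/BUILD01/4.12.5:user/release-keys]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")
# Android fingerprint layout: brand/name/device:release/id/incremental:type/tags
FINGERPRINT = re.compile(
    r"^(?P<brand>[^/]+)/(?P<name>[^/]+)/(?P<device>[^:]+):"
    r"(?P<release>[^/]+)/(?P<id>[^/]+)/(?P<incremental>[^:]+):"
    r"(?P<type>[^/]+)/(?P<tags>.+)$")
FIELD_TO_PROP = {
    "brand": "ro.product.brand", "name": "ro.product.name",
    "device": "ro.product.device", "release": "ro.build.version.release",
    "id": "ro.build.id", "incremental": "ro.build.version.incremental",
    "type": "ro.build.type", "tags": "ro.build.tags",
}

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def build_conflicts(props):
    """Return (property, reported value, fingerprint value) for each mismatch."""
    fp = props.get("ro.build.fingerprint", "")
    m = FINGERPRINT.match(fp)
    if not m:
        return [("ro.build.fingerprint", fp, "missing or unparseable")]
    return [(prop, props.get(prop), m.group(field))
            for field, prop in FIELD_TO_PROP.items()
            if props.get(prop) != m.group(field)]

if __name__ == "__main__":
    for prop, reported, expected in build_conflicts(parse_getprop(SAMPLE_GETPROP)):
        print(f"{prop}: reports {reported!r}, fingerprint says {expected!r}")
```

A mismatch is a reason to look closer, not a verdict, and agreement proves little: firmware that swaps in cloned verification apps can also report consistent properties.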
I read the article. This may be a bit off-topic, but doesn't the Chinese government insist on their "modification" or certain additions to the software before it gets into the hands of consumers? This may be in line with what their government is doing... just asking...
posted on Mar 09, 2015, 4:34 AM 0
Posts: 5585; Member since: Feb 10, 2013
Probably. But the US does the same anyway. The NSA probably has backdoors in anything with an internet connection.
posted on Mar 09, 2015, 4:56 AM 1
Posts: 1250; Member since: Dec 03, 2014
Well, this is exactly why I don't buy cheap Chinese crap.
posted on Mar 09, 2015, 4:38 AM 3
Posts: 1285; Member since: Dec 30, 2014
This has nothing to do with buying "cheap Chinese crap"; this is to remind you that if you want to buy a Xiaomi or other phones, you must buy from official stores/websites or trusted sellers and retailers. I guess you have bought many clones, that's why you made such an idiotic comment. How sad. What a dumbass.
posted on Mar 09, 2015, 5:10 AM 5
Posts: 3240; Member since: Jul 22, 2014
The article said that the infected phone is fake. This will be the same with cloned Samsung and other products. To be sure, just buy from legitimate online or physical store sellers. If it's not available for your country, just accept the situation and don't try buying on the likes of eBay.
posted on Mar 09, 2015, 5:36 AM 3
Posts: 11; Member since: May 21, 2014
Crap from China company
posted on Mar 09, 2015, 8:51 AM 0
Posts: 26; Member since: Nov 10, 2012
The title of the article does mislead readers into an impression of "Xiaomi phones come with malware". Also, Bluebox didn't disclose where they got/bought the device from. "Chinese crap"?? What's not made in China nowadays?? And please mind your language.
posted on Mar 09, 2015, 6:12 PM 0
Posts: 17; Member since: Mar 14, 2015
Perhaps Hugo Barra and Xiaomi would like to answer how and why the Bluebox app "trustable" is in the Mi app store when Bluebox neither uploaded it nor authorized Xiaomi to load it. This is still unanswered, but perhaps it was the fake phone manufacturer, or somehow hackers loaded it. I mean, Xiaomi should have some smart answer for this, right? So we are supposed to believe that some group was able to replicate the phone so precisely, and modify the OS so exactingly, as to fool not only Bluebox, but others at Xiaomi at first. Now tell me, who would be able to spend all that time and money, and I'm sure it was very expensive, to be able to pull this off? We are asked to believe all this simply on Xiaomi's word, with no evidence being offered by them. Where are these Android certifications, and who performs the certifications on their phones? And why have all the tech writers not written about these new phones finally having Google services? Have I simply missed all this great news? No, I think not. Because up until a few days ago, everyone believed Xiaomi was using a FORKED VERSION! No, my fellow Android users, there is much more to this story yet to be revealed. Stay tuned!
posted on Mar 14, 2015, 12:52 PM 0