[UPDATE] Xiaomi Mi 6 security flaw: discovered during "Pwn2Own"

During the famous hacking contest (for the good kind of hackers, that is) called Pwn2Own, held in Tokyo on 13 and 14 November, two famous hackers from the Light Side of the Force discovered a flaw in the security of a Mi 6 updated with the latest patches. They are Richard Zhu and Amat Cama, who together form the duo called "Fluoroacetate".


Pwn2Own is the annual challenge organized by HP in which the best hackers compete to test the latest top-of-the-range smartphones and see whether they are really secure. Richard Zhu and Amat Cama, who we see in the picture, won a prize of $50,000 for finding a flaw in an iPhone X through Safari, using a faulty access point. But the news is not just about the iPhone X; it also concerns the Xiaomi Mi 6: with a procedure similar to the one used on the iPhone, they managed to breach the device's security by way of a flaw.

The flaw in security

What the two hackers managed to do was exploit a bug in NFC, the wireless technology that enables payments, among other things (see Apple Pay). The Fluoroacetate duo launched the device's browser and connected it to a malicious site on the network without the user being aware of it. From there, the two hackers went on to find a flaw in the JavaScript engine (JavaScript being a language used for web programming) of that same browser, and showed that by breaking through such weak protection it would be possible to compromise users' sensitive data without their knowledge.

A similar flaw was reportedly also found on a Samsung Galaxy S9. For the time being, the three companies concerned have made no statement, but surely, as soon as they heard the news, their security engineers went straight to work to fix the problem before it became a major case.


We are pleased to inform you that the Xiaomi press agency has provided an update on the situation: with a timely OTA update (within just one week), released today in Beijing at 19:00 (Chinese time), the security problem has been definitively resolved:

"We are aware of the issue and released an OTA on November 19 Beijing time to fix it. Xiaomi takes the security of our smartphones very seriously and we appreciate the efforts of the security community in helping to make our smartphones even more secure. "

As always, we would like to point out that "the upper floors" always have the user experience at heart and work every day to fix bugs and software problems of various kinds. For this reason Xiaomi wholeheartedly thanks us users, and especially the two hackers who discovered the flaw.

Gianluca Cobucci

Passionate about technology, especially smartphones and PCs. I do my job with passion and respect the work of others.

