List: full-disclosure
Subject: Re: [FD] Anhui Huami Mi Fit Android Application - Unencrypted Update Check
From: Tim <strazz () gmail ! com>
Date: 2019-11-26 18:32:04
Message-ID: CAFENBwoNqzPA3rFx7wkRqrNu9rn6bU_tHBGEUQy7HjCZ+bhRvw () mail ! gmail ! com
What's the issue here exactly? An attacker can just prevent the in-app
update check from realizing it needs to nag the user?
The actual update logic and update-ability is controlled through the Play
Store, no?
-Tim Strazzere
On Tue, Nov 26, 2019 at 10:27 AM David Coomber <davidcoomber.infosec@gmail.com> wrote:
> Anhui Huami Mi Fit Android Application - Unencrypted Update Check
> --
> https://www.info-sec.ca/advisories/Huami-Mi-Fit.html
>
> Overview
>
> "Mi Fit tracks your activity, analyzes sleep, and evaluates your workouts."
>
> (https://play.google.com/store/apps/details?id=com.xiaomi.hm.health)
>
> Issue
>
> The Anhui Huami Mi Fit Android application (version 4.0.10 and below),
> does not encrypt the connection when it checks for an update.
>
> Impact
>
> An attacker who can monitor network traffic may be able to tamper with
> the application's update function.
>
> Timeline
>
> October 21, 2019 - Attempted to obtain a security contact via an email
> to support@amazfit.com
> October 22, 2019 - Provided the details to CERT/CC
> October 23, 2019 - CERT/CC opened a case for tracking
> November 4, 2019 - Attempted to obtain a security contact via an email
> to security@xiaomi.com
>
> Solution
>
> Upgrade to version 4.0.11 or later
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
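Added example, not Mi Fit's code and not the vendor's 4.0.11 fix (which the advisory does not describe): the shape of an update check that a cleartext on-path tamperer cannot silently downgrade or suppress. It refuses non-TLS endpoints in code, verifies a vendor signature over the version manifest before acting on it, and compares versions numerically. The manifest format, the endpoint URL and the key handling are assumptions.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
/** Hardened update check: TLS-only endpoint plus a vendor-signed version manifest (assumed format). */
public final class SignedUpdateCheck {
    /** Reject cleartext endpoints in code, so a config change cannot silently reintroduce http://. */
    static URI requireHttps(String url) {
        URI u = URI.create(url);
        if (!"https".equalsIgnoreCase(u.getScheme()))
            throw new IllegalArgumentException("update check must use TLS, got: " + url);
        return u;
    }
    /** Body is "version=<x.y.z>"; sigB64 is the vendor's ECDSA signature over the exact body bytes. */
    static String verifiedLatestVersion(PublicKey vendorKey, byte[] body, String sigB64) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(vendorKey);          // vendorKey is assumed to ship inside the app, never fetched
        verifier.update(body);
        if (!verifier.verify(Base64.getDecoder().decode(sigB64)))
            throw new SecurityException("manifest signature does not verify; ignoring response");
        String text = new String(body, StandardCharsets.UTF_8).trim();
        if (!text.startsWith("version=")) throw new SecurityException("malformed manifest");
        return text.substring("version=".length());
    }
    /** Numeric, component-wise compare: "4.0.11" is newer than "4.0.9", which a string compare gets wrong. */
    static boolean isNewer(String latest, String installed) {
        int[] a = Arrays.stream(latest.split("\\.")).mapToInt(Integer::parseInt).toArray();
        int[] b = Arrays.stream(installed.split("\\.")).mapToInt(Integer::parseInt).toArray();
        for (int i = 0; i < Math.max(a.length, b.length); i++) {
            int x = i < a.length ? a[i] : 0, y = i < b.length ? b[i] : 0;
            if (x != y) return x > y;
        }
        return false;
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair(); // stands in for the vendor's key pair
        byte[] body = "version=4.0.11".getBytes(StandardCharsets.UTF_8);  // constructed manifest
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(kp.getPrivate());
        signer.update(body);
        String sig = Base64.getEncoder().encodeToString(signer.sign());
        requireHttps("https://updates.example.invalid/manifest");          // placeholder endpoint
        String latest = verifiedLatestVersion(kp.getPublic(), body, sig);
        System.out.println("newer than installed 4.0.10: " + isNewer(latest, "4.0.10"));
        try {   // a response altered in transit (version downgraded) must be rejected, not acted on
            verifiedLatestVersion(kp.getPublic(), "version=4.0.10".getBytes(StandardCharsets.UTF_8), sig);
        } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

On Android the same intent is enforced app-wide by a network security config with cleartext traffic disabled; the in-code check above covers the case where that config is later relaxed.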