Security researchers at Check Point found that the payment system built into Xiaomi smartphones powered by MediaTek chips is vulnerable to forged payments.
From the analysis, they identified vulnerabilities that can allow the forging of payment packages or disabling the payment system directly from an unprivileged Android application.
Vulnerabilities have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices.
Considering how common mobile payments are, as well as how widely Xiaomi phones are used, especially in Asian markets, attackers could commit fraud in the billions of U.S. dollars.
The findings in Check Point’s latest advisory come months after a Juniper Research study suggested the value of biometrically authenticated remote mobile payments will reach an estimated $1.2tn globally by 2027.
Xiaomi, following responsible disclosure, has addressed CVE-2020-14125 as part of updates released on June 6, 2022.
“The downgrade issue, which has been confirmed by Xiaomi to belong to a third-party vendor, is being fixed,” Check Point added.