Secondly, the BlueBox information security testing is not so professional. They just use anti-virus/anti-malware programs to scan the device. Let me tell you why I say that. I can very easily bypass any anti-virus/anti-malware programs. That means those anti-virus/anti-malware programs cannot detect my malware. Let me show you: http://www.infosec-ninjas.com/in ... rse_on_windows7_sp1
Meanwhile, a professional information security guy should confirm whether vulnerabilities can be exploited or not, not just say the device has that vulnerability when we scan it with this and that anti-virus/anti-malware program. How about false positives?
In addition, as far as I know, BlueBox did not get the device from the formal channel. That is the question. Everyone knows that anyone can make an Android ROM if he has the knowledge.
Lastly, this testing method is very similar to one of the tests conducted by one of the information security companies in Hong Kong for the TV Box from China.
Bluebox Labs has been talking with the security team at Xiaomi. The security team did provide some clarified feedback that we had sought out in our original disclosure on the security posture of the MIUI ROM that Xiaomi ships with its devices. The team ran Trustable by Bluebox on the device and received a score of 6.7, a much better score than what Bluebox found with the non-standard MIUI ROM.