小米手機預裝木馬程式 官方否認

小米手機再爆出保安漏洞疑雲!美國手機安全公司Bluebox發現,其測試的小米手機4 LTE版本中內置了六款可疑應用程式(Apps),部份被視為惡意、間諜或廣告程式,其中一個名為“Yt Service”的應用程式,會偽裝成一個由Google提供的服務,以降低用戶戒心,並會在未經用戶同意下自行下載其他Apps,或在通知欄上發廣告等。另外,該手機亦有程式是木馬程式,容易黑客操控用戶的手機。

Bluebox又指,小米的手機操作系統MIUI,有多個安全漏洞,容易受到黑客攻擊。

對於Bluebox的指控,小米回應指出,對方所測試的手機並非在官方渠道購買。小米國際副總裁Hugo Barra表示,該MIUI亦非小米標準的操作系統,因為手機不會預裝惡意應用程式。不過Bluebox強調,小米仍須加強其手機認證的能力,令分銷商及消費者更容易辨認其官方生產的手機。

http://hk.apple.nextmedia.com/realtime/finance/20150309/53513221

好心您電子news 就咪睇apple喇
https://bluebox.com/blog/technic ... d-put-data-at-risk/

TOP

根本就繼續抵賴,乜都話係假,唔關我事.....

TOP

間公司係咪假嫁

TOP

提示: 作者被禁止或刪除 內容自動屏蔽

TOP

其實做測試為甚麼又不從官方途徑購賣呢?

TOP

First of all, the original blog of BlueBox is here : https://bluebox.com/blog/technic ... d-put-data-at-risk/

Secondary, the BlueBox information security testing is not so professional.  They just use anti-virus/anti-malware programs to scan the device.  Why I say that, let me tell you.  I can very easily to bypass any anti-virus/anit-malware programs.  That means, those anti-virus/anti-malware programs cannot detect my malware.  Let me show you : http://www.infosec-ninjas.com/in ... rse_on_windows7_sp1

Meanwhile, a professional information security guy should confirm that vulnerabilities can be exploited or not.  Not just saying it has that vulnerability when we scan the device with this and that anti-virus/anti-malware programs.  How about false-positive?

In additional, as far as I know, the BlueBox get the device is not from the formal channel.  That is the question.  Everyone knows that everyone can make an Android ROM if he has the knowledge.

At last, this testing method is very similar to one of the test that conducted by one of the Information security companies in Hong Kong  for the TV Box from China.

The conclusion is that they are NOT PROFESSIONAL.

Samiux

TOP

用得大陸機要預左送呢D

TOP

Bluebox Labs has been talking with the security team at Xiaomi. The security team did provide some clarified feedback that we had sought out in our original disclosure on the security posture of the MIUI ROM that Xiaomi ships with its devices. The team ran Trustable by Bluebox on the device and received a score of 6.7, a much better score over what Bluebox found with the non-standard MIUI ROM.

TOP

提示: 作者被禁止或刪除 內容自動屏蔽

TOP