Recently, the company eScan has found a vulnerability in the shell for MIUI Xiaomi smartphones: built-in application for transfer Mi data Mover is not required to re-enter the passcode when unlocked the screen when you transfer data between Mi 2 and Redmi Max 4A. After the publication of the report the manufacturer has denied allegations about the bug, but now the press service of Xiaomi has given a detailed answer explaining the situation.
Mi Mover is a handy tool that allows you to transfer data from old smartphone to new. To do this, you must first enter the password. Moreover, Mi Mover advantage is possible only if the smartphone is unlocked. Thus, there are two levels of data protection user: phone lock and password for Mi Mover.
Returning to the report Escan, here is the comment from our security team: “with regard to reasons given team Escan, someone needs to take over the user’s smartphone and unlock it. It is extremely hard to do and therefore seems unlikely. In this case, we can only talk about the theoretical possibility of acquisition of user data. For data protection you must not give the criminals to steal and unlock your smartphone”.