A flaw discovered in some Xiaomi phones (opens in new tab) could have cost users their hard-earned money.  Cybersecurity experts from Check Point Research (CPR) found a flaw in the devices’ mobile payment mechanism, which threat actors could have used to sign fake payments, essentially stealing people’s money.  “We discovered a set of vulnerabilities that could allow forging of payment packages or disabling the payment system directly, from an unprivileged Android application,” commented Slava Makkaveev, Security Researcher at Check Point.
…
Read more