G+_Marlon Thompson Posted March 19, 2015 Share Posted March 19, 2015 Some security firms are not to be trusted Originally shared by Kirill Grouchnikov Bluebox claimed that Xiaomi’s phone identifier app also claimed it was a legitimate product. Only if the researchers had done some, well, research, they would have understood how the phone identifier worked. Unfortunately, Xiaomi’s documentation for the app was only available in Chinese. Bluebox fell for a fake identifier app that simply showed the phone was legit by diagnosing the specifications locally. The real app however asks users to go to a website, scan a code and the phone then sends some hardware details in encrypted form to Xiaomi’s servers. Whether the phone is legit or counterfeit is again shown on that website only and not on the phone locally. May this haunt the people behind Bluebox for the rest of their "security" related careers. http://www.bgr.in/news/how-bluebox-fell-for-a-counterfeit-xiaomi-mi-4-to-claim-it-came-with-pre-installed-malware/ Link to comment Share on other sites More sharing options...
G+_L I Posted March 20, 2015 Share Posted March 20, 2015 If they could create an image to encapsulate this Bluebox debacle it would be one of those Calvin and Hobbes cartoons but instead Calvin's peeing into a fan blowing right back at him. Link to comment Share on other sites More sharing options...
Recommended Posts