CVE-2020-9531

7.3 HIGH

📋 TL;DR

This vulnerability in Xiaomi's GetApps app allows attackers to install apps and leak information via NFC when close to an unlocked phone. It affects Xiaomi MIUI V11.0.5.0.QFAEUXM devices where malicious parameters in web resources are executed despite URL safety checks. Users with affected devices and NFC enabled are at risk.

💻 Affected Systems

Products:
  • Xiaomi GetApps (com.xiaomi.mipicks)
Versions: Xiaomi MIUI V11.0.5.0.QFAEUXM and potentially earlier versions
Operating Systems: Android-based MIUI
Default Config Vulnerable: ⚠️ Yes
Notes: Requires NFC capability and the GetApps app to be present. Exploitation needs the device to be unlocked and NFC enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers can silently install malicious apps, steal sensitive data, and gain persistent access to the device when in close physical proximity to an unlocked phone.

🟠 Likely Case

Attackers in crowded places could exploit NFC to install unwanted apps or exfiltrate limited information from nearby unlocked devices.

🟢 If Mitigated

With NFC disabled or the device locked, exploitation requires physical access and user interaction, significantly reducing risk.

🌐 Internet-Facing: LOW - Exploitation requires physical proximity via NFC, not remote network access.
🏢 Internal Only: MEDIUM - In environments with physical access (e.g., offices), attackers could exploit unlocked devices if NFC is enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical proximity via NFC but no authentication. Weaponization is likely given the simplicity and impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2001122

Vendor Advisory: https://sec.xiaomi.com/post/180

Restart Required: Yes

Instructions:

1. Update Xiaomi MIUI to version 2001122 or later via Settings > About phone > System update.
2. Ensure GetApps app is updated through the app store.
3. Restart the device after updating.

🔧 Temporary Workarounds

Disable NFC

android

Turn off NFC to prevent exploitation via physical proximity.

Navigate to Settings > Connection & sharing > NFC and toggle off

Lock Device When Not in Use

android

Keep device locked to prevent exploitation when NFC is active.

Set screen lock via Settings > Password & security > Screen lock

🧯 If You Can't Patch

  • Disable NFC in device settings to block the attack vector.
  • Keep device locked and avoid leaving it unattended in public places.

🔍 How to Verify

Check if Vulnerable:

Check MIUI version in Settings > About phone. If version is V11.0.5.0.QFAEUXM or earlier, the device is vulnerable.

Check Version:

adb shell getprop ro.miui.ui.version.name

Verify Fix Applied:

Confirm MIUI version is 2001122 or later in Settings > About phone and that GetApps is updated.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected app installations via GetApps
  • NFC activation logs with suspicious payloads

Network Indicators:

  • Unusual network traffic from newly installed apps

SIEM Query:

source="android_logs" AND ((event="app_install" AND app="GetApps" AND result="success") OR (event="nfc_trigger" AND payload_contains="malicious"))
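
The two log indicators above carry more signal when correlated: a successful GetApps install shortly after an NFC trigger on the same device matches the proximity scenario in the TL;DR, while either event alone is usually routine. The following is an added example, not code from the vendor advisory; the `event`, `app` and `result` fields follow the query above, and the `device` and `ts` fields, the 60-second window and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events. event/app/result follow the page's SIEM query;
# "device" and "ts" are assumed fields for this example.
SAMPLE_EVENTS = [
    {"ts": "2020-03-01T10:00:00", "device": "phone-a", "event": "nfc_trigger"},
    {"ts": "2020-03-01T10:00:20", "device": "phone-a", "event": "app_install",
     "app": "GetApps", "result": "success"},
    {"ts": "2020-03-01T11:00:00", "device": "phone-b", "event": "app_install",
     "app": "GetApps", "result": "success"},   # no NFC event beforehand
    {"ts": "2020-03-01T12:00:00", "device": "phone-c", "event": "nfc_trigger"},
    {"ts": "2020-03-01T12:30:00", "device": "phone-c", "event": "app_install",
     "app": "GetApps", "result": "success"},   # outside the default window
    {"ts": "2020-03-01T13:00:00", "device": "phone-d", "event": "nfc_trigger"},
    {"ts": "2020-03-01T13:00:05", "device": "phone-d", "event": "app_install",
     "app": "GetApps", "result": "failed"},    # install did not succeed
]


def nfc_followed_by_install(events, window_seconds=60):
    """Return (device, nfc_ts, install_ts) for each successful GetApps install
    that occurs within window_seconds after an NFC trigger on the same device."""
    window = timedelta(seconds=window_seconds)
    last_nfc = {}  # device -> time of the most recent NFC trigger
    hits = []
    # ISO 8601 timestamps of identical form sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        dev = ev["device"]
        if ev["event"] == "nfc_trigger":
            last_nfc[dev] = ts
        elif (ev["event"] == "app_install" and ev.get("app") == "GetApps"
              and ev.get("result") == "success"):
            nfc_ts = last_nfc.get(dev)
            if nfc_ts is not None and ts - nfc_ts <= window:
                hits.append((dev, nfc_ts.isoformat(), ts.isoformat()))
    return hits


if __name__ == "__main__":
    for hit in nfc_followed_by_install(SAMPLE_EVENTS):
        print(hit)
```

Tune the window to the log source's timestamp resolution; a wider window catches slow installs at the cost of more coincidental matches.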
