CVE-2019-12762

low-risk

Published 2019-06-06

Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

PHYSICAL / HIGH complexity

Affected Products (8)

Mi 5S Plus Firmware

Xperia Z4 Firmware

Galaxy S6 Edge Firmware

Galaxy S4 Firmware

Nexus 7 Firmware

Nexus 9 Firmware

Aquos Zeta Sh-04F Firmware

Arrows Nx F05-F Firmware

Affected Vendors

Fujitsu Samsung Google Sharp Sony Mi

References (4)

Third Party Advisory https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/

https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-7079983086...

Third Party Advisory https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/

https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-7079983086...

/ 100

low-risk

Severity 11/34 · Low

Exploitability 0/34 · Minimal

Exposure 14/34 · Moderate