In a report published released last week at the annual DEF CON conference in Las Vegas, Check Point researchers revealed that a flaw in the smartphone maker Xiaomi could lead to mobile transactions being disabled, created, and signed by attackers. Xiaomi is the world’s third largest phone maker. The company has since patched the vulnerability, which lied in a trusted environment used to store payment data. If exploited, the flaw would have allowed attackers to hijack the mobile payment system. This could potentially lead to forged transactions initiated by the attacker.

The potential pool of victims is huge, considering the popularity of Xiaomi smartphones, and could be incredibly disruptive to consumers. All users should implement the patch immediately and ensure that their systems are up to date. Check Point’s study marks the first time that Xiaomi’s trusted applications have been found to contain security issues.