Security Vulnerabilities in Preinstalled Apps on Ulefone and Krüger&Matz Smartphones

Recent security analyses have uncovered significant vulnerabilities in preinstalled applications on smartphones from Ulefone and Krüger&Matz. These flaws could allow malicious applications to perform unauthorized actions, such as initiating factory resets and accessing sensitive user data.

Identified Vulnerabilities:

1. Factory Reset Vulnerability (CVE-2024-13915): A preinstalled application named com.pri.factorytest on Ulefone and Krüger&Matz devices exposes a service called com.pri.factorytest.emmc.FactoryResetService. This service permits any installed application to execute a factory reset without user consent, potentially leading to data loss and device instability.

2. PIN Code Exposure (CVE-2024-13916): On Krüger&Matz smartphones, the com.pri.applock application allows users to encrypt other applications using a PIN code or biometric data. However, it also exposes a content provider named com.android.providers.settings.fingerprint.PriFpShareProvider. This provider’s query() method can be exploited by malicious applications to retrieve the user’s PIN code, compromising the security of encrypted applications.

3. Intent Injection Vulnerability (CVE-2024-13917): The same com.pri.applock application on Krüger&Matz devices exposes an activity called com.pri.applock.LockUI. This activity allows any application, regardless of its permissions, to inject arbitrary intents with system-level privileges into protected applications. Exploiting this vulnerability requires knowledge of the user’s PIN code, which could be obtained through the previously mentioned CVE-2024-13916 flaw.
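All three issues involve a component that a preinstalled app exposes to other apps: a service, a content provider and an activity. The following added example, which is not code from the original article or from the vendors, lists exported components that have no permission guard in a decoded AndroidManifest.xml. The sample manifest is constructed, and every component name in it other than FactoryResetService is hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample, NOT the vendor's real manifest. Only the FactoryResetService
# name comes from the article; the other components are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="com.pri.factorytest">
  <application>
    <service android:name="com.pri.factorytest.emmc.FactoryResetService" android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="android.permission.MASTER_CLEAR"/>
    <activity android:name=".InternalActivity" android:exported="false"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".LogProvider" android:exported="true" android:readPermission="x.READ"/>
  </application>
</manifest>"""

def is_exported(elem):
    flag = elem.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    # Before Android 12, declaring an intent-filter exported the component by default.
    return elem.find("intent-filter") is not None

def is_guarded(elem, app):
    # A guard with protection level "normal" is still weak; checking that is out of scope here.
    if elem.get(ANDROID + "permission") or app.get(ANDROID + "permission"):
        return True
    # Providers may guard reads and writes separately; both must be set.
    return elem.tag == "provider" and bool(
        elem.get(ANDROID + "readPermission") and elem.get(ANDROID + "writePermission"))

def unprotected_exports(manifest_xml):
    root = ET.fromstring(manifest_xml)
    package, app = root.get("package", ""), root.find("application")
    findings = []
    for elem in (app if app is not None else []):
        if elem.tag in COMPONENT_TAGS and is_exported(elem) and not is_guarded(elem, app):
            name = elem.get(ANDROID + "name", "")
            findings.append((elem.tag, package + name if name.startswith(".") else name))
    return findings

if __name__ == "__main__":
    for kind, name in unprotected_exports(SAMPLE_MANIFEST):
        print(f"exported without permission guard: {kind} {name}")
```

Each finding is a candidate for manual review, not a confirmed vulnerability: the component's code may still check the caller itself.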

Implications and Risks:

These vulnerabilities pose significant risks to users:

– Unauthorized Factory Resets: Malicious applications could erase all user data by initiating factory resets without consent.

– Data Theft: Exposure of PIN codes can lead to unauthorized access to encrypted applications, compromising sensitive information.

– Privilege Escalation: Intent injection can grant malicious applications elevated privileges, enabling them to perform actions beyond their original permissions.

Broader Context:

The discovery of these vulnerabilities highlights a recurring issue in the Android ecosystem: the presence of security flaws in preinstalled applications. Similar incidents have been reported in the past:

– Preinstalled Malware: In 2017, security firm Check Point identified malware preinstalled on 36 Android devices from various manufacturers, including Samsung and LG. The malware was added somewhere along the supply chain, compromising device security before reaching consumers. ([blog.checkpoint.com](https://blog.checkpoint.com/research/preinstalled-malware-targeting-mobile-users/?utm_source=openai))

– German Authorities’ Warning: In 2019, the German Federal Office for Information Security (BSI) warned about preinstalled malware on certain tablets and smartphones, including models from Krüger&Matz and Ulefone. The malware could send device data to command and control servers and potentially spy on personal information. ([xinhuanet.com](https://www.xinhuanet.com/english/2019-02/27/c_137852713.htm?utm_source=openai))

– Research Findings: A 2019 study titled “An Analysis of Pre-installed Android Software” examined preinstalled software on Android devices from over 200 vendors. The study revealed that the Android supply chain lacks transparency, facilitating potentially harmful behaviors and unauthorized access to sensitive data without user consent. ([arxiv.org](https://arxiv.org/abs/1905.02713?utm_source=openai))

Recommendations for Users:

To mitigate the risks associated with these vulnerabilities, users are advised to:

– Update Devices: Regularly check for and install firmware updates from the device manufacturer to patch known vulnerabilities.

– Install Security Software: Use reputable mobile security applications to detect and prevent malicious activities.

– Review App Permissions: Be cautious about granting permissions to applications, especially those that request access to sensitive data or system functions.

– Monitor Device Behavior: Stay vigilant for unusual device behavior, such as unexpected resets or unauthorized access to applications.

Conclusion:

The identification of these vulnerabilities underscores the importance of rigorous security assessments for preinstalled applications on smartphones. Manufacturers must prioritize security in their software development and supply chain processes to protect users from potential threats.