Critical Vulnerabilities in Ulefone and Krüger&Matz Phones: How Preinstalled Apps Pose Major Security Risks

TL;DR

  • Preinstalled apps on Ulefone and Krüger&Matz smartphones contain vulnerabilities that can be abused to trigger factory resets and steal PINs.
  • Three specific flaws are detailed, one of which can be exploited by any installed app.
  • Users are advised to update their devices promptly to mitigate these risks.

Critical Vulnerabilities in Preinstalled Apps

Recent disclosures have revealed significant security vulnerabilities in preloaded Android applications on smartphones manufactured by Ulefone and Krüger&Matz. These flaws could enable any installed app to perform a factory reset and encrypt applications, posing substantial risks to user data and device integrity.

Detailed Analysis of the Vulnerabilities

  1. CVE-2024-13915 (CVSS score: 6.9)
    • Affected Application: “com.pri.factorytest”
    • Impact: This preinstalled app on Ulefone devices allows unauthorized factory resets.
  2. CVE-2024-13916 (CVSS score: 7.2)
    • Affected Application: “com.krüger.systemupdate”
    • Impact: This app on Krüger&Matz phones can be exploited to steal the device PIN, compromising user security.
  3. CVE-2024-13917 (CVSS score: 8.1)
    • Affected Application: “com.common.encryptservice”
    • Impact: Found on both Ulefone and Krüger&Matz devices, this app enables unauthorized encryption of applications, leading to potential data loss.

Implications for Users

These vulnerabilities highlight the importance of scrutinizing preinstalled applications on smartphones. Users are advised to:

  • Update Device Software: Ensure that the device is running the latest software updates provided by the manufacturer.
  • Install Security Apps: Use reputable security applications to monitor and protect against potential threats.
  • Regularly Back Up Data: Maintain regular backups to safeguard against data loss in case of unauthorized encryption.

Conclusion

The discovery of these vulnerabilities underscores the need for vigilant cybersecurity practices. Users of Ulefone and Krüger&Matz smartphones should take immediate action to update their devices and implement additional security measures. Staying informed about such threats is crucial for maintaining digital safety.

This post is licensed under CC BY 4.0 by the author.