Article Details
Scrape Timestamp (UTC): 2025-06-02 15:19:07.684
Source: https://thehackernews.com/2025/06/preinstalled-apps-on-ulefone-kruger.html
Original Article Text
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.

A brief description of the three flaws is as follows -

While exploiting CVE-2024-13917 requires an adversary to know the protecting PIN number, it could be chained with CVE-2024-13916 to leak the PIN code.

CERT Polska, which detailed the vulnerabilities, credited Szymon Chadam for responsibly disclosing them. However, the exact patch status of these flaws remains unclear. The Hacker News has reached out to both Ulefone and Krüger&Matz for additional comment and we will update the story if we hear back.
Daily Brief Summary
Security researchers disclosed vulnerabilities in preinstalled apps on Ulefone and Krüger&Matz smartphones.
The flaws could enable any installed app to factory reset the device or encrypt an application.
One specific vulnerability, CVE-2024-13917, can be exploited only if the attacker knows the protecting PIN.
Another related issue, CVE-2024-13916, can be used to leak the PIN code, increasing the risk.
The vulnerabilities were identified by Szymon Chadam and reported by CERT Polska.
The current patch status of these security issues is not confirmed.
Responses from Ulefone and Krüger&Matz regarding the issue are pending.