Krüger&Matz Smartphones com.pri.applock Application PIN Code Exfiltration Vulnerability
Vulnerability
A vulnerability exists in the pre-loaded 'com.pri.applock' application on Krüger&Matz smartphones, specifically in version 13 (version code 33). The application allows users to encrypt other applications using a PIN code or biometric data. However, the 'com.android.providers.settings.fingerprint.PriFpShareProvider' content provider exposes a public method that enables malicious applications to exfiltrate the PIN code without requiring any special Android system permissions.
Impact
Exploitation of this vulnerability allows for unauthorized access to user-provided PIN codes, potentially leading to unauthorized decryption of applications encrypted with those PINs.
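The exposure described above (a content provider readable by any installed app with no permission required) can be checked for declaratively in an app's manifest. The following is an added example, not code from the advisory or the vendor: it audits a decoded AndroidManifest.xml for exported providers with no read permission, or with one that is only `normal` level. The sample manifest is constructed; only the package and `PriFpShareProvider` names come from this page, and all authorities, permissions and other providers are placeholders.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample, NOT the vendor's real manifest. Package and first provider
# name come from the advisory; authorities, permissions and the other providers
# are placeholders made up for this example.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.pri.applock">
  <permission android:name="example.permission.SIG" android:protectionLevel="signature"/>
  <permission android:name="example.permission.WEAK" android:protectionLevel="normal"/>
  <application>
    <provider android:name="com.android.providers.settings.fingerprint.PriFpShareProvider"
              android:authorities="placeholder.unprotected" android:exported="true"/>
    <provider android:name=".WeakProvider" android:authorities="placeholder.weak"
              android:exported="true" android:readPermission="example.permission.WEAK"/>
    <provider android:name=".SignatureProvider" android:authorities="placeholder.sig"
              android:exported="true" android:permission="example.permission.SIG"/>
    <provider android:name=".InternalProvider" android:authorities="placeholder.internal"
              android:exported="false"/>
  </application>
</manifest>
"""

def audit_providers(manifest_xml):
    """Return (provider name, reason) for providers any installed app can read."""
    root = ET.fromstring(manifest_xml)
    # Custom permissions declared in this manifest; protectionLevel defaults to "normal".
    levels = {p.get(NS + "name"): p.get(NS + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for prov in root.iter("provider"):
        # Assumption: targetSdkVersion >= 17, so a missing android:exported means false.
        if prov.get(NS + "exported") != "true":
            continue
        # readPermission takes precedence over the general permission attribute.
        perm = prov.get(NS + "readPermission") or prov.get(NS + "permission")
        if perm is None:
            findings.append((prov.get(NS + "name"), "exported, no read permission"))
        elif levels.get(perm, "").split("|")[0] == "normal":
            findings.append((prov.get(NS + "name"), f"guarded only by normal-level {perm}"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_providers(SAMPLE_MANIFEST):
        print(f"{name}: {reason}")
```

The check needs a text manifest (for example one decoded with apktool), and it sees only declared protections: a provider may still enforce or omit caller checks in its own code.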
