CVE-2018-14985 : What You Need to Know
Learn about CVE-2018-14985 affecting the Leagoo Z5C Android device, allowing any co-located app to trigger a factory reset without permissions, potentially leading to data loss. Find mitigation steps and prevention measures.
The Leagoo Z5C Android device is vulnerable to a factory reset initiated by any co-located app without requiring permissions, potentially leading to data loss.
Understanding CVE-2018-14985
What is CVE-2018-14985?
The Leagoo Z5C Android device has a specific configuration that allows any app co-located on the device to perform a factory reset programmatically without needing permissions.
The Impact of CVE-2018-14985
The vulnerability can result in the loss of all user data and apps on the device, including unsaved or unsynced data.
Technical Details of CVE-2018-14985
Vulnerability Description
The pre-installed platform app com.android.settings on the Leagoo Z5C device contains a broadcast receiver that enables any co-located app to trigger a factory reset.
Affected Systems and Versions
- Product: Not applicable
- Vendor: Not applicable
- Versions: Not applicable
Exploitation Mechanism
- The vulnerable app component allows any app on the device to initiate a factory reset without requiring permissions.
Mitigation and Prevention
Immediate Steps to Take
- Avoid installing unknown or untrusted apps on the device.
- Regularly back up important data to prevent loss in case of a factory reset.
Long-Term Security Practices
- Keep the device's software up to date to patch known vulnerabilities.
- Use Mobile Device Management (MDM) apps to control and secure device settings.
Patching and Updates
- Check for and apply any security updates or patches provided by the device manufacturer.