CVE-2018-6598 in Wonder RC555L
Summary
by MITRE
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 03/19/2020
The vulnerability identified as CVE-2018-6598 represents a critical security flaw in specific Orbic devices running Android 7.1.2, namely the Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b model. This issue stems from an improperly protected system component within the Android operating system framework, specifically the com.android.server.MasterClearReceiver class. The flaw allows any application co-located on the device to programmatically trigger a factory reset without requiring user interaction or any form of permission validation, creating a significant security risk for end users. The vulnerability exists in the device's firmware implementation rather than in the core Android Open Source Project, indicating that Orbic or their supply chain partners introduced this weakness through custom modifications or improper security hardening during device customization.
The technical nature of this vulnerability aligns with CWE-284, which addresses improper access control mechanisms within software systems. The flaw occurs because the MasterClearReceiver component lacks proper authentication and authorization checks, allowing any application with access to the device to send an intent that triggers the factory reset functionality. This represents a fundamental breakdown in Android's security model where system-level operations that should require explicit user consent or elevated privileges can be executed programmatically by any application. The vulnerability operates at the system level within the Android framework, bypassing standard permission models that would normally prevent third-party applications from performing such destructive operations. The absence of this vulnerability in Google's AOSP codebase further confirms that the issue was introduced through custom implementations by Orbic or their partners, making it a supply chain security concern rather than a fundamental Android flaw.
The operational impact of this vulnerability is severe and potentially devastating for device users. Any malicious application or compromised application that gains access to the device can silently perform a factory reset, resulting in complete data loss for the user. This includes all personal information, photos, documents, application data, and settings that have not been backed up or synchronized with external services. The lack of user interaction requirement means that users cannot detect or prevent the reset operation, making it particularly dangerous as it can occur without any warning or consent from the device owner. The vulnerability affects all applications co-located on the device, which may include pre-installed applications, carrier-specific software, or applications installed by third parties, creating a broad attack surface for potential exploitation. This flaw essentially grants unrestricted factory reset capability to any application with access to the device, fundamentally undermining the user's control over their device's data integrity and security.
Mitigation strategies for this vulnerability should focus on both immediate device protection and long-term supply chain security improvements. Users should immediately backup all critical data and consider avoiding installation of untrusted applications on affected devices. Device manufacturers and carriers should implement proper security hardening measures to protect system components from unauthorized access, ensuring that sensitive operations like factory resets require explicit user confirmation or elevated privileges. The vulnerability highlights the importance of supply chain security and proper code review processes, as noted in the ATT&CK framework's emphasis on supply chain attacks and the importance of maintaining secure software development practices. Organizations should conduct regular security assessments of their device firmware and implement proper access controls for system-level components. Additionally, this vulnerability demonstrates the need for proper security testing and validation of custom Android implementations, particularly in the areas of privilege escalation and system-level operation controls, to prevent similar issues from being introduced in future device releases.