LG fixes vulnerability that affected millions of G3 devices

LG has fixed a vulnerability in its G3 smartphone that researchers said could potentially allow an attacker to remotely steal sensitive data saved on the device's SD Card. An estimated 10 million G3 units are said to be vulnerable.
The vulnerability is in an app called Smart Notice, which comes pre-installed on new LG G3 devices, and can be thought of as a scaled down version of Google Now, delivering you relevant information before you need it.
The problem is that the app doesn't validate the data it handles, potentially allowing attackers to execute malicious code by manipulating the information it ferries to the user.
"Using the vulnerability, an attacker can easily open the user device to data theft attack, extracting private information saved on the SD Card including WhatsApp data and private images; put the user in danger of phishing attack by misleading the end-user; and enable the installation of a malicious program on the device," researchers revealed in a blog post.
"We informed LG, which responded quickly to notice of the vulnerability and we encourage users to immediately upgrade their application to new Smart Notice release, which contains a patch."
Source (registration required) | Via

Comments

Popular posts from this blog

iPhone 8 Plus and iPhone 8 now rule DxOMark's rankings with best smartphone cameras ever tested

Google confirms that it's launching two flagship Android Wear smartwatches in early 2017

Samsung Galaxy Tab 4 7.0 LTE

HTC Desire 501

Samsung explains the new tech behind the Galaxy S5 Super AMOLED display

Huawei sends invites for IFA event, teases new Honor phone