LG fixes vulnerability that affected millions of G3 devices

LG has fixed a vulnerability in its G3 smartphone that researchers said could potentially allow an attacker to remotely steal sensitive data saved on the device's SD Card. An estimated 10 million G3 units are said to be vulnerable.
The vulnerability is in an app called Smart Notice, which comes pre-installed on new LG G3 devices, and can be thought of as a scaled down version of Google Now, delivering you relevant information before you need it.
The problem is that the app doesn't validate the data it handles, potentially allowing attackers to execute malicious code by manipulating the information it ferries to the user.
"Using the vulnerability, an attacker can easily open the user device to data theft attack, extracting private information saved on the SD Card including WhatsApp data and private images; put the user in danger of phishing attack by misleading the end-user; and enable the installation of a malicious program on the device," researchers revealed in a blog post.
"We informed LG, which responded quickly to notice of the vulnerability and we encourage users to immediately upgrade their application to new Smart Notice release, which contains a patch."
Source (registration required) | Via

Comments

Popular posts from this blog

Attopedia puts Wikipedia on your Android Wear smartwatch

Chromecast Audio currently available for just £15 in UK

D.M.A. Navi Watch app for Galaxy Gear puts Google Maps navigation on your wrist

iPhone SE teardown shows hardware ranging from iPhone 5 to 6s

OnePlus 2 torn down, gets 7/10 for repairability

Can a Chromebook Replace Your Laptop?