LG patches its data theft bug in its G3 smartphones

LG provided a patch to fix a data theft issue in its LG G3 smartphones via ‘Smart Notice’ application. This is one of LG G3 pre-installed apps which manages contacts, notifications, weather and traffic alerts. However, once an arbitrary Javascript based malicious code affected the phone, it can steal private images and chat logs- for starters.

This malicious code can affect the LG G3 smartphone when one sends a contact. A demonstration of this was posted in a video. It starts with a video where an attacker can push a pop-up on the victim’s phone asking for a Google username and the password.

This was found by two security companies BugSec and Cynet. The companies made a blog post not too long ago. The post also indicated that the companies were able to create many easy-to-do-payloads other than data harvesting. The researchers found that those with the access can even perform a DoS attack on the LG G3. In this case, the DoS attack can be only be stopped when a hard reset is performed.

The problem with Smart Notice was that for an app which has a word ‘smart’, it doesn’t validate the data to LG G3 users. Hence, it ends up manipulating data such as phone contacts, Callback reminder, notifications and even Memo reminders. The group did notify the company and LG responded to this exploit by releasing a new security patch for the G3. Existing G3 users should patch their phones as quickly as possible. No other LG smartphones are being identified to have this security exploit.


Name Your Link



Leave a Reply

Your email address will not be published.