Yet another problem with an LG device has cropped up and supposedly patched by the electronics giant, marking a spell of bad luck (or bad QA?) than spans two devices. Hmm, I guess life isn’t too good for LG these days.
The vulnerability lies in the LG G3‘s Google Now-esque application Smart Notice. It comes preloaded on all new LG G3 devices and displays a variety of notifications and suggestions, including recommendations to stay in touch with favourite contacts.
What happened was, the app failed to validate the data presented to users, making it possible for attackers to manipulate the data and lace it with a malicious code that can be executed on affected devices. According to the researchers who found out about this vulnerability, the malicious code could be triggered when events like callback reminders or birthday notifications were displayed.
An estimated 10 million LG G3s were said to be affected by this vulnerability. The researchers developed several proof-of-concept payloads including one that harvested data from the SD card, another that opens the browser to any remote site and a third that performs a denial-of-service attack that could make the user’s phone go crazy.
Regardless, the are many ways this vulnerability can be exploited and that puts a lot of your personal information at risk. We have reached out to LG Malaysia to get a statement from them regarding this issue and whether or not it affects our local G3s. We will update you when we hear back from them.
[SOURCE]
