Last Thursday, Cynet revealed that their researchers, in collaboration with BugSec, had discovered a pretty serious vulnerability affecting LG G3 smartphones. They let LG know about the issue prior to publicizing it, and the company reacted quickly. A patch is now available that closes the data-theft hole, and LG is encouraging all G3 owners to update their devices as soon as possible.
The bug resides in a particular app called Smart Notice that comes pre-installed on LG G3 smartphones. The notification platform serves to ferry a variety of relevant information to users, but what it failed to do was vet data before presenting it. Researchers discovered it was possible to manipulate data in such a way that malicious code could be executed remotely.See also: LG wants to replace all your credit cards with White Card, coming at MWC
“The vulnerability can easily lead to authentic phishing attacks and to a full denial of service (DOS) on the device,” wrote Cynet. Since the app is pre-installed, the number of affected devices is estimated to be a staggering 10 million worldwide.
For those interested, Ars Technica has composed a more comprehensive write-up detailing the workings of this exploit and the two ways researchers were able to compromise devices through the bug. In the meantime, if you’ve got an G3 or know someone who does, better get that thing updated pronto.
What are your thoughts regarding this vulnerability and the way LG handled it? After the (false?) scare with the Linux bug earlier this month, it’s always good to hear about patches that make our devices and sensitive information safer and more secure. As always, let us know your thoughts and opinions in the comments below!