LG is removing a security loophole that has made 10 million G3 smart phones vulnerable to hackers. The loophole has offered opportunity to the hackers to steal chat histories and other sensitive data stored in the smart phones.
The vulnerability has been reported to reside in an LG app called 'Smart Notice'. The app remains as built in on new LG G3 devices and displays a variety of notifications and suggestions.
The notifications include recommendations to stay in touch with favorite contacts, saving recent callers' contact information and birthday reminders. The app fails to validate data presented to users and thus attracts hackers to manipulate data, reports Ars Technica. Smart Notice exists in every new LG G3 device. Android smart phones and tablets from other manufacturers or earlier smart phone versions from LG are vulnerable to this risk. LG has debuted the Smart Notice app with its G3 model. Smart Notice displays recent notifications to users that may be forged to inject unauthenticated malicious code. The application is enabled by default on vulnerable devices. The problem originates from not validating user submitted data, a common type of software developer's error, reports The Register. Researchers from BugSec and Cynet, two computer security companies have demonstrated that they may attack a person's phone by sending a contact with malicious JavaScript contained in the name field. Once the code is saved on the phone, any information stored on its SD card may be hacked, according to a report published in PCWorld. The researchers have developed several proofs of concept payloads. These include harvesting data from the SD card, while another involves opening the browser to any remote site. The third option performs a denial of service attack which may make the phone operating crazy. Smart Notice app does not validate the data presented to users. This has been referred as the root of the problem by Idan Cohen, BurgSec's chief technology officer. However, no hacking information has yet been notified. Even no such malware has yet been identified that uses the security loophole. BugSec's research team has notified their findings on the G3 vulnerability issue to LG. LG has developed a new Smart Notice containing a patch. The Korean smart phone manufacturer urges its users to apply the patch enriched Smart Notice as soon as possible. However, LG hasn't responded to request for commenting on the issue. LG has introduced an app naming Smart Notice in its G3 smart phones. The app allows hackers to steal data since it doesn't validate user submitted data. This common developer error has made 10 million G3 smart phones vulnerable to hacking risks. Upon information, LG has updated the Smart Notice app through inserting a patch and requested its users to run the new app version ASAP.
Join the Conversation