Menu
LG patches data theft bug affecting millions of Android phones

LG patches data theft bug affecting millions of Android phones

Malicious JavaScript could be entered into a contact form

LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data.

The application, called Smart Notice, is a kind of multifunctional widget, managing contacts, notifications, and weather and traffic alerts.

Researchers from BugSec and Cynet, two computer security companies, found that they could attack a person's phone by sending them a contact with malicious JavaScript contained in the name field, according to a video.

Once the code was on the phone, any information stored on its SD card, such as private images and chat logs, could be stolen.

"The root cause for the security problem is the fact that Smart Notice does not validate the data presented to the users," BugSec and Cynet wrote in a blog post on Thursday.

The researchers found a variety of ways to trigger their malicious code and carry out actions, such as opening a phishing site that tries to steal a person's Gmail credentials or prompt a person to download a remote access trojan.

"With a little tweak, we were able to load external scripts from a remote host and 'refresh' our code every few seconds, giving us the ability to have active command and control over the LG phone and send new payloads," the companies wrote.

It was also possible to conduct a denial-of-service attack that could only be stopped by doing a hard reset of the phone, they wrote.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Show Comments