LG releases security patch for ‘SNAP’ vulnerability

January 29, 2016

Views: 3941

After fixing the bootloop problem due to loose contacts of the LG G4, the South Korean company is releasing a solution for a security hole on the LG G3. It's very unfortunate that about ten million G3 units are vulnerable to malicious attacks. It's just a possibility that chat histories can be stolen but at least we know a fix is ready.

According to LG, the problem can be found on the Smart Notice app. It's a native app installed on LG G3 phones that shows notifications and suggestions. It also shows recommendations to stay in touch with other people by showing contacts, birthdays, and reminders. The problem lies on the fact that there is no way for the app to check if data is valid. This way, anyone can easily manipulate data that can actually contain some malicious code.

This vulnerability can allow an attacker to open information and data on the phone. This access will also allow anyone to get private information, photos, and even chat histories which are supposed to be private. LG has released an update to the Smart Notice app after being informed of the vulnerability. LG was quick to respond and added a security patch to the app update.

Thanks to BugSec and Cynet researchers for discovering this "severe security vulnerability" in LG phones. That's how they described this issue. It's severe because it can "easily lead to authentic phishing attacks and to a full denial of service (DOS) on the device" according to Cynet. They further explained that an attacker can just run arbitrary JavaScript code on the smartphones. The vulnerability actually has a name. It's officially called 'SNAP' by the security researchers.

All is fixed now, hopefully, as LG has already released a security patch. It's up to the LG G3 owners to install the said update ASAP.

VIA: ArsTechnica

SOURCE: Cynet


Tags: , , , ,

  • tabatt13

    We’re is the update link? I haven’t seen it posted anywhere?