Notebookcheck

Outdated LG Android software revealed to have security flaws

Outdated LG Android software revealed to have security flaws
Outdated LG Android software revealed to have security flaws
Owners of LG smartphones may want to keep their devices updated to avoid these vulnerabilities.

Cyber security is a never-ending search for vulnerabilities with major hacks of established entities nearly always making headlines. Last year's "Stagefright" issue on Android devices, for example, was highly publicized.

This time, two new security flaws have been discovered by the team over at Check Point Software that are exclusive to LG devices. Thankfully, LG had been contacted ahead of time before the vulnerability was made public in order for the manufacturer to provide a timely patch.

The first flaw allowed malicious apps to gain rights outside of its defined space to take over the phone while the second flaw would have made it possible for external attackers to delete or manipulate messages and obtain personal information from the owner. In particular, the first flaw exposed the vulnerabilities of the running service 'LGATCMDService' responsible for app communications without first requiring a user confirmation. A takeover could result in the following worst case scenarios:

  • Read and overwrite private identification details including IMEI or MAC addresses
  • Constant rebooting of device
  • Deletion of data
  • "Bricking" of the device
  • Ransomware

Meanwhile, the second flaw made use of the "WAP Push protocol" service responsible for allowing URLs to be sent via SMS. An attack on this specific vulnerability would have allowed outsiders to send false URLs masquerading as official LG updates to trick the owner into sending out personal information and receiving "official" updates.

Check Point Software has uploaded a demo of the vulnerabilities below.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Indian citizens welcome!

Currently wanted: 
News and Editorial Editor - Details here

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2016 06 > Outdated LG Android software revealed to have security flaws
Florian Wimmer/ Allen Ngo, 2016-06- 5 (Update: 2016-06- 5)
Allen Ngo
Allen Ngo - US Editor in Chief
After graduating with a B.S. in environmental hydrodynamics from the University of California, I studied reactor physics to become licensed by the U.S. NRC to operate nuclear reactors. There's a striking level of appreciation you gain for everyday consumer electronics after working with modern nuclear reactivity systems astonishingly powered by computers from the 80s. When I'm not managing day-to-day activities and US review articles on Notebookcheck, you can catch me following the eSports scene and the latest gaming news.