Check Point found Vulnerabilities on LG devices

2 Vulnerabilities that can let any hacker control you device

According to the security firm blog, the Check Point researchers found out the vulnerabilities few months ago and its related to all LG android devices. The vulnerabilities are coming from the original keyboard.

How does this exploit work? It’s easy, when you use LG keyboard and change language or update the keyboard you actually send a command to the server and it returns as a download to the device. Now, that server is an insecure HTTP and welcoming a Man in the Middle attack on the device.

If someone want to attack you, they can inject new lines of code to the server and by this to take control over your device.

The second vulnerability is to use the location and manipulate it , the attacker can add a TXT file and when you download the new language your device assumes that this TXT file is part of the package.

Those exploits were tested succsessfully on LG flagship devices like LG G4, G5 and G6. LG also said that there was an important security update that will fix it, but they didn’t mention if all devices will get it.

Source.

Roy Shpitalnik

lived the life of a BlackBerry since 2009 so I was first exposed to 8900. With Israeli cellular world history, training and knowledge for more on BlackBerry, I decided to join the community. When the Media bash BlackBerry on regular basis i decided to Join BerryIL.COM. The true must be published. Contact me on Twitter : @SimpleBerryRoy

Top