2 Vulnerabilities that can let any hacker control you device
According to the security firm blog, the Check Point researchers found out the vulnerabilities few months ago and its related to all LG android devices. The vulnerabilities are coming from the original keyboard.
How does this exploit work? It’s easy, when you use LG keyboard and change language or update the keyboard you actually send a command to the server and it returns as a download to the device. Now, that server is an insecure HTTP and welcoming a Man in the Middle attack on the device.
If someone want to attack you, they can inject new lines of code to the server and by this to take control over your device.
The second vulnerability is to use the location and manipulate it , the attacker can add a TXT file and when you download the new language your device assumes that this TXT file is part of the package.
Those exploits were tested succsessfully on LG flagship devices like LG G4, G5 and G6. LG also said that there was an important security update that will fix it, but they didn’t mention if all devices will get it.