LG Patches The SNAP Vulnerability In G3 Devices
From previous days so many problems are coming with LG phones but users need not to worry at least we know that fix/patches for them are ready. They have already patched a bootloop problem which enables to loose contacts which are in the versions of LG G4.
One of the South Korean Company found out the patches for a security hole in the LG G3. Almost ten million G3 phones are vulnerable to the malicious attacks by which their chat histories could be easily stolen.
LG researchers told that this problem is with the Smart Notice app(an app that shows notifications and suggestions on LG G3 phones). Along with that, this app also shows contacts, birthdays, and reminders so that we can easily be in a contact with other people. This app doesn't contain any kind of techniques by which users can check that data is valid or not, and that's why anyone can easily manipulate the data that contain some malicious code that allows an attacker to gain access to any information(may be public & private), data, photos and chat histories too. After being informed of the vulnerability, LG released the latest update to Smart Notice app.
We found two possible scenarios:
Use the Callback function (ConciergeBoard\card_forms\reconnect_noti):
Use the Birthday function (ConciergeBoard\card_forms\birthday_noti_contact):
The “@string” parameter displays the contact name without any validation, when a callback notification is set,
Further investigation revealed to us where the update process is found: (ConciergeBoard\default_view\container)
But, users need not worry the vulnerability is fixed now by the researchers. Now it's up to the owners of LG G3 to install the said update ASAP.
Watch "Snap" Vulnerability Video: