LG has fixed a vulnerability in its G3 smartphone that researchers said could potentially allow an attacker to remotely steal sensitive data saved on the device’s SD Card. An estimated 10 million G3 units are said to be vulnerable.
The vulnerability is in an app called Smart Notice, which comes pre-installed on new LG G3 devices, and can be thought of as a scaled down version of Google Now, delivering you relevant information before you need it.
The problem is that the app doesn’t validate the data it handles, potentially allowing attackers to execute malicious code by manipulating the information it ferries to the user.
“Using the vulnerability, an attacker can easily open the user device to data theft attack, extracting private information saved on the SD Card including WhatsApp data and private images; put the user in danger of phishing attack by misleading the end-user; and enable the installation of a malicious program on the device,” researchers revealed in a blog post.
“We informed LG, which responded quickly to notice of the vulnerability and we encourage users to immediately upgrade their application to new Smart Notice release, which contains a patch.”