A group of researchers is encouraging smartphone users who own an LG G3 to upgrade their devices after discovering a serious security vulnerability.
The vulnerability, which researchers with the Israeli security firms BugSec and Cynet have nicknamed SNAP, stems from an issue that exists in a default app installed on each LG device.
The app, Smart Notice, pulls notifications from the device but fails to validate user-submitted data: when it pulls notifications and contacts, it feeds them directly to the app without thoroughly vetting them.
After they identified it, researchers with Cynet, Liran Segal and Scachar Korot, collaborated with BugSec’s CTO Idan Cohen, Head of Offensive Security Stas Volfus and Application Security Team Leader Israel Gurt to explore the vulnerability further.
“Using the vulnerability, an attacker can easily open the user device to data theft attack, extracting private information saved on the SD Card including WhatsApp data and private images,” the researchers wrote.
Harvesting data from the device’s SD Card, opening the phone’s browser to a remote site, tricking the user into installing a third-party application, and forcing the device into an infinite loop are all “easy-to-do” with the vulnerability, they said.
The researchers notified LG of the vulnerability and the South Korean conglomerate pushed out a patch, but seeing as the phone was only released in 2014, they insist millions of phones could still be vulnerable.
“LG reacted immediately, which we appreciate,” Cohen said. “This is a major potential security breach into the personal data of millions of LG users worldwide.”