• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 10th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » Critical Vulnerability Allows attacker to have full control over LG Smartphones

Critical Vulnerability Allows attacker to have full control over LG Smartphones

February 12th, 2015 Waqas Security 0 comments
Critical Vulnerability Allows attacker to have full control over LG Smartphones
Share on FacebookShare on Twitter

Search-Lab Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone application without the owner’s knowledge or consent.

Once connected, the attacker could have full control over the phone – even without physical access to it. The attacker needs only access to the same local network as the phone is connected to, for example via Wi-Fi. The LG On-Screen Phone application (OSP) makes it easy to access and control LG’s Android smartphones through a PC.

The connection can be established either by using an USB cable or wirelessly through Wi-Fi or Bluetooth. When attempting to connect to the phone via OSP, a popup dialog is displayed on the phone and it is to be confirmed and accepted by the owner. Once the channel is established, the screen contents of the device are being transmitted to the PC as a motion stream, mouse clicks on the PC are turned into touch events on the phone. By using OSP one can control an LG Smart Phone just like it was in their hands.

Watch the video below for live proof:

The application is available through the manufacturer’s custom store for install, and is preinstalled on many LG Smart Phones, including G1 & G2. SEARCH-LAB Ltd. responsibly reported this threat to the manufacturer in September 2014 who confirmed the severity of the issue and started working on the fix in turn.

The patched version of the application is now available to download through LG’s Update Center and/or will be available in form of Maintenance Release for some models. LG smartphone users should make sure to have at least version 4.3.010 of the On Screen Phone (OSP) application installed. Please note that when OSP is pre-installed, the device is vulnerable by default – OSP is started automatically and cannot be disabled in Settings. 

Read technical details here.

Follow @HackRead

  • Tags
  • Android
  • LG
  • security
  • Smartphones
  • Vulnerability
Facebook Twitter Google+ LinkedIn Pinterest
Previous article DEA Making Huge Photo Database of Country’s Drivers, vehicles’ number plates
Next article DARPA Builds 'Memex' Deep Web Search Engine to Track Sex Traffickers
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
Cyber attack cripples networks in city of Pensacola days after shooting

Cyber attack cripples networks in city of Pensacola days after shooting

Fake VPN website delivering password-stealing malware

Fake VPN website delivering password-stealing malware

New privacy tool exposes which website leaves your data unprotected

New privacy tool exposes which website leaves your data unprotected

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Cyber attack cripples networks in city of Pensacola days after shooting
Cyber Attacks

Cyber attack cripples networks in city of Pensacola days after shooting

26
20 years prison for Romanian hackers who infected 400,000 computers
Cyber Crime

20 years prison for Romanian hackers who infected 400,000 computers

272
FBI uses PlayStation to bust large scale drug deal
Cyber Crime

FBI uses PlayStation to bust large scale drug deal

751
Fake VPN website delivering password-stealing malware
Security

Fake VPN website delivering password-stealing malware

1302

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us