HackRead

‘SNAP’ Vulnerability Affecting Millions of LG G3 Smartphones Users

February 2nd, 2016 Uzair Amir Android, Phishing Scam, Security 0 comments

Millions of LG G3 smartphone users are at risk of losing critical personal data due to a severe security weakness dubbed the ‘SNAP’ vulnerability.

This vulnerability is so grave that it can lead to data theft, denial of service (DoS) attacks and phishing attacks on LG G3 smartphones.

According to a blog post from threat detection service facilitator Cynet, the vulnerability was identified by BugSec researchers Shachar Korot and Liran Segal. It was discovered in LG's Smart Notice notification app and allows an attacker to run arbitrary JavaScript code on the newest LG devices.

You may not have heard of the Smart Notice app before, so check out the promotional video produced by LG for this particular app. The app appears harmless and pretty neat, no?

Now read what security experts have to say about this app:

“The root cause of the security problem is the fact that Smart Notice does not validate the data presented to the users. Data can be taken from the phone contacts and manipulated.”

Specifically, the researcher duo identified that various Smart Notice functions, such as the New Contact suggestion, Birthday notification, Callback reminder and Memo reminder, can be exploited to carry out a successful attack using “Snap.”

Segal and Korot dug deeper into this matter and created a security research team to conduct different tests. The team inserted a “malicious” contact, with a malicious script embedded in the contact's first name, and this was triggered by Smart Notice’s Callback and Birthday reminder functions.

This method let the team execute code in the WebView content on the phone and gain active command and control over the phone to send new payloads. The researchers created various easy-to-use payloads over the course of their exploitation spree. These included harvesting data from the SD card present in the phone, using an “open_url” function to open any malicious third-party website, whether a normal web page or a phishing page, and creating an infinite loop that effectively puts the phone out of commission until the victim performs a hard reset.

The team also found that they could use any number of attack vectors to start exploiting the vulnerability. Some attacks are user-focused, such as surreptitiously inserting a contact with malicious code injected into the first name on a device. Or they could social engineer the phone user into scanning an MMS or a QR code so that the user is prompted to save the contact with only one click.

You may watch the ‘Snap’ vulnerability video on YouTube here:



When contacted by the team of researchers, LG responded quickly and issued a new Smart Notice release that contained a patch for this vulnerability.

Idan Cohen, BugSec’s Chief Technology Officer, thanked LG for such a quick response in a press release, in which he stated:

“LG reacted immediately, which we appreciate. This is a major potential security breach into the personal data of millions of LG users worldwide.”

Considering the gravity of the ‘Snap’ vulnerability, it is important that all users update their copy of the LG Smart Notice app at the earliest opportunity. Meanwhile, vendors can avoid ‘Snap’-like weaknesses by validating input.
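
The root cause quoted above, contact fields shown to the user without validation, as an added example (not LG's or the researchers' code). The reminder template, function names and sample contacts are hypothetical; it contrasts concatenating a contact name into HTML with encoding it first, plus a save-time check for markup in names.

```javascript
// Added illustration: hypothetical reminder template, not Smart Notice code.

// Constructed sample contacts: one ordinary, one whose first name carries markup.
const contacts = [
  { firstName: "Dana", lastName: "O'Brien" },
  { firstName: '<script>console.log("ran")</script>', lastName: "X" },
];

// Vulnerable pattern: contact data is concatenated straight into HTML that a
// WebView renders, so markup stored in the name becomes part of the page.
function reminderHtmlUnsafe(contact) {
  return '<div class="reminder">Call back ' + contact.firstName + " " +
         contact.lastName + "?</div>";
}

// Output encoding: each character with meaning in HTML becomes an entity,
// so the name is displayed as text whatever it contains.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: same template, every contact field encoded before use.
function reminderHtmlSafe(contact) {
  return '<div class="reminder">Call back ' + escapeHtml(contact.firstName) +
         " " + escapeHtml(contact.lastName) + "?</div>";
}

// Input validation when a contact is saved or imported: angle brackets,
// control characters and very long values have no place in a name field.
// Apostrophes and ampersands stay legal; encoding handles them at render time.
function hasMarkup(name) {
  return /[<>\u0000-\u001f]/.test(name) || name.length > 100;
}

// Returns the contacts a save-time check would flag for review.
function flaggedContacts(list) {
  return list.filter((c) => hasMarkup(c.firstName) || hasMarkup(c.lastName));
}
```

Encoding at render time is the control that still holds when a crafted contact has already reached the address book; the save-time check only narrows what gets stored.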

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.