Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.

Notifications

Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

www.phonearena.com

Newfound security hole in the LG G3 made user data on it prone to intruders

7

If you're still rocking the LG G3 (pretty much the best Quad-HD smartphone $270 can buy), you might have been bugged about installing a Smart Notice patch recently. Smart Notice is a service that shows recent notifications in the form of cards, similar in style to Google Now. It is enabled by default on LG devices.

Thus, you might have given it a shot and liked it, or disabled it completely on your LG G3. Whatever the case is, you should know that LG released this patch to close a serious vulnerability in the service. It was discovered by Israeli cyber security firm BugSec, which affectionately called it "SNAP".

SNAP lets potential attackers execute arbitrary code and wreak havok such as stealing private data, pull off phishing scams, and crash the operating system. The root cause of the problem is that Smart Notice does not "validate" user-submitted data. Users of vulnerable devices only need to save an infected notification message to get, in the researchers's words, "pwned". Affected users would receive no warning or other signs that something awful has happened.

According to the source, the vulnerability is only present on the LG G3 at the moment, although Smart Notice is also found in the LG G4 and other recent LG handsets. So, if you receive an updated version of the app, you'll know what's up.

The researches at BugSec say they don't know of any cases in which the vulnerability has been exploited, be it by attackers or malware scripts. However, they do insist that the vulnerability is not merely theoretical, and the fact that LG patched up Smart Notice so soon after having it brought to their attention lends it enough credibility by itself.

If you would like to learn more, watch the video below, prepared by BugSec and Cynet.


source: BugSec via The Register

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless