SNAP vulnerability puts millions of LG flagship G3 smartphones at risk

Hackers can hack LG G3 smartphones using SNAP vulnerability in Smart Notice App

Security researchers from BugSec and Cynet have discovered a critical vulnerability in LG G3 smartphones which can allow a potential hacker to runย arbitrary JavaScript code on the devices. ย Once the vulnerability is exploited, the hacker can steal sensitive data theft, launch phishing attacks and lead to a denial of service (DOS) on the device.

The vulnerability named SNAP bug resides in every LG smartphone including its flagship LG G3 due to a native application called Smart Notice.

Theย โ€˜SNAPโ€™ vulnerability was first discovered by BugSec security researchers Liran Segal and Shachar Korot. It is a critical flaw in one of the LG G3 applications, Smart Notice, which comes pre-installed with all LG smartphones.

The security flaw is rooted in a bug in one of the pre-installed LG applications, Smart Notice, which exists on every new LG G3 device. LG debuted its Smart Notice app with the G3 andย displays to users the recent notifications (named “cards”) ย that can be forgedย to inject unauthenticated malicious code. The bug is highly critical because the Smart Notice App is enabled by default and always in a ‘on state’.

The root cause for the security problem is the fact that Smart Notice does not validate the dataย presented to the users. Data can be taken from the phone contacts and manipulated. Theย attack can take place in several ways due to functionality issues of the Smart Notice application.ย The application pops notifications (named โ€˜cardsโ€™) in each of these scenarios:

? Favorite contact notification โ€“ Recommends you keep in touch with favorite contacts.

? New contact suggestion โ€“ Suggests saving a caller number.

? Callback reminder โ€“ Reminder to callback a contact after declining the call.

? Birthday notification โ€“ Reminder about contact birthday.

? Memo reminder โ€“ Provides notifications about user memos.

The BugSec researchers used a long contact name which is notย seen by the user, but will still be activated by the application. Afterwards, a delivery method wasย needed for which they created two delivery vectors to test the bug :

The QR Vector โ€“ by using social engineering, the hackers have justย publish an ad asking the victim to scan theย following QR code that will open a โ€œsave the contactโ€ window, which requires only an approvalย click by the user.

The WhatsApp\MMS Vector โ€“ also by using social engineering, the hackers can send a contact (with aย forged source) that will be saved by the users.

By exploiting this SNAP vulnerability, a potential hacker can easily steal sensitive data from the device SD card, including WhatsApp data and images, and can also mislead the end user into phishing scams and drive-by attacks.

The BugSec researchers said that LG G3 users need to only save a maliciously constructed notification message for the exploit to work. Once the malicious message resides on the smartphone, the hacker would do his malicious work without any warning or signal to the smartphone owner.

BugSecโ€™s research team said it had notified LG about the SNAP vulnerability in Smart Notice App. LG has released the updated App with the patch to mitigate the vulnerability.

PoC video :

More details on the vulnerability can be found in a blog post by Bugsec here. ย LG has so far not commented on the issue.

Subscribe to our newsletter

To be updated with all the latest news

1 COMMENT

  1. I SPENT 1 HOUR ONLINE WITH LG REP AND SHE WAS UNAWARE AND UNABLE TO PROVIDE A LINK OR UPDATE PROCESS TO FIX THIS SNAP VULNERABILITY. SHE STATED SEVERAL TIMES EVEN AFTER I PRESSURED SOME ABOUT THIS ARTICLE AND OTHERS WHAT THE LG RESPONSE WRITTEN IN THE ARTICLE AND SHE CONSULTED SUPERVISORS THAT WERE NOT AWARE OF A FIX. CAN WE RESEARCH THIS AND GET BACK TO YOU IN 24 TO 48 BUSINESS HOURS? MY ANSWER IS NOW YOU PROMISE ME LG WILL BE FULLY RESPONSIBLE FOR IDENTITY THEFT AND ANY OTHER NEGATIVE CONSEQUENCES IF MY PHONE GETS EXPLOITED. NOT ABLE TO PROMISE THAT.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post