LG just fixed a bug that left 10 million G3 smartphones vulnerable

by: John Dye, January 28, 2016


Last Thursday, Cynet revealed that their researchers, in collaboration with BugSec, had discovered a pretty serious vulnerability affecting LG G3 smartphones. They let LG know about the issue prior to publicizing it, and the company reacted quickly. A patch is now available that closes the data-theft hole, and LG is encouraging all G3 owners to update their devices as soon as possible.

The bug resides in a particular app called Smart Notice that comes pre-installed on LG G3 smartphones. The notification platform serves to ferry a variety of relevant information to users, but what it failed to do was vet data before presenting it. Researchers discovered it was possible to manipulate data in such a way that malicious code could be executed remotely.


“The vulnerability can easily lead to authentic phishing attacks and to a full denial of service (DOS) on the device,” wrote Cynet. Since the app is pre-installed, the number of affected devices is estimated to be a staggering 10 million worldwide.

For those interested, Ars Technica has composed a more comprehensive write-up detailing the workings of this exploit and the two ways researchers were able to compromise devices through the bug. In the meantime, if you’ve got a G3 or know someone who does, better get that thing updated pronto.

What are your thoughts regarding this vulnerability and the way LG handled it? After the (false?) scare with the Linux bug earlier this month, it’s always good to hear about patches that make our devices and sensitive information safer and more secure. As always, let us know your thoughts and opinions in the comments below!


  • Techn9cian46

    I have a G3, but no worries, I’m running Resurrection Remix 5.6.0 based off CM13

  • android user

    “The bug resides in a particular app called Smart Notice that comes PRE-INSTALLED on LG G3 smartphones.”
    One more reason to screw stock firmware and go custom. Props to LG, though.

  • Mike Bastable

    Where to update?

  • No update yet on my Vodafone LG G3

  • Matt Lowe

    Good on LG for the quick reaction... but I bet Verizon will delay it some ungodly amount of time. Makes me glad I’m on custom firmware.

  • Ines

    If not done by LG or phone carrier, should specify where to go for update!

  • Mohd Danial

    Problem with Android is service providers are slowing down the update, which leads to more problems in the future

  • Umesh Krishna

    I am using an LG G3, but running on CM 12.1 snapshot version (waiting for Xposed on Marshmallow, so no CM 13). No worries here too.

  • Thrasher

    Exactly as said above. The article is useless without instructions how to update. My phone is not offering me any updates OTA or through LG PC Suite.

  • Max

    Would disabling smart notice notifications do anything to help?

  • Circy

    Yeah, I froze everything that I don’t use, with Titanium Backup… I did this after Verizon backdoored me using what I suspect was the My Verizon app (I saw superuser granting it access on the toast notification). Jerks denied me a replacement because my touch screen not working on my phone was because I was “rooted”… Jerks (Best Buy geek plan replaced it though, sad you have to carry multiple protection plans just to cover your @$$. BTW Verizon “total protection plan” totally sucks, wasted at least 10 hours of my life troubleshooting and being jerked around on multiple devices over the years… Best Buy never took more than 10 minutes to get me squared away… Verizon seems more focused on selling you a new phone instead of honoring any protection to your device…) Sorry for the rant, but I never trust any stock apps. Stock apps are full of ways in, e.g. DtIgnite is a bloat-adding software that auto-installs apps to your system based on location and what it thinks you will like, but likely you will hate it… like Candy Crush, ugh! So like everyone else has said… Power to the almighty custom ROMs and to the people, not the carriers which take too long for updates because they’re trying to find more ways to spy on you and make advertising cash off of you! (And not share the $ with ya… basically they’re like pimps and their customers are their ho’s) (I ain’t no ho!) ;) Oh and yeah, where is this update??? Why not just allow users to disable or remove what they don’t want, then there would be no need for an update, just instructions… Ahh, where’s the freedom all gone… *Wins longest post award*