LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

← Back to Stories (view on slashdot.org)

LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

Posted by timothy on Sunday January 31, 2016 @09:38AM from the be-worried dept.

Mark Wilson writes: Security researchers have discovered a vulnerability in LG G3 smartphones which could be exploited to run arbitrary JavaScript to steal data. The issue has been named Snap, and was discovered by Israeli security firms BugSec and Cynet. What is particularly concerning about Snap is that it affects the Smart Notice which is installed on all LG G3s by default. By embedding malicious script in a contact, it is possible to use WebView to run server side code via JavaScript. If exploited, the vulnerability could be used to gather information from SD cards, steal data from the likes of WhatsApp, and steal private photos.

5 of 39 comments (clear)

Min score:

Reason:

Sort:

Another day, another Android security hole by Anonymous Coward · 2016-01-31 09:44 · Score: 0, Insightful

This is, again, why I have an iPhone
1. Re:Another day, another Android security hole by stoborrobots · 2016-01-31 09:54 · Score: 3, Insightful
  
  This is, again, why I have an iPhone.
  FTFY.
  
  --
  "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
2. Re:Another day, another Android security hole by Anonymous Coward · 2016-01-31 10:08 · Score: 4, Insightful
  
  Exactly, that's a nice list of patched vulnerabilities. Every one of those seems to be present in versions prior 9.2.
  Considering that the most prevalent version of Android is 4.4 Kit Kat, released in September 2013, this is also why I have an iPhone.
  While the G3 may (or may not) get an update to that specific piece of software, there are no guarantees. A similar vulnerability in an iOS would definitely be patched in the newest update.
3. Re:Another day, another Android security hole by EEPROMS · 2016-01-31 10:37 · Score: 5, Insightful
  
  This is also why I only have a Nexus, most of these security issues are with third party android handsets with most never getting timely updates (Google really needs to fix this issue). I buy a Nexus for the same reason you get an iphone, up_to_date_security_patches. Yes many of you will say "but, but you can use xyz third party android roms and they don't have this issue". The issue with that is android is now mainstream so 98% of android device owners do not have the ability or the knowledge to change the firmware. The fix is simple, Google needs to start enforcing better security policies on companies who want too use the Google android(tm) brand. People are just going to get sick of not having updates and move to GASP! Windows or Apple.
4. Re:Another day, another Android security hole by cyber-vandal · 2016-01-31 10:56 · Score: 5, Insightful
  
  These are all before 9.2 so have been patched on all devices from the 4S onwards. My Note 2 is still on KitKat and has numerous security vulnerabilities which Samsung don't give a shit about fixing.