Wednesday, June 19, 2024

Critical Remote Code Execution on all Mainstream LG Smartphone Models

Multiple Critical vulnerabilities patched by LG that resides on default keyboard on all
mainstream LG smartphone models. Both the vulnerabilities allow attackers to execute remote code on LG devices with escalated privileges.

Security researchers from Checkpoint disclosed both vulnerabilities to LG and they disclosed a combined patch for both the vulnerabilities(LVE-SMP-170025).

The first vulnerability was due to the use of insecure HTTP connection. When the user defines some other language than English or an update for the existing one the devices reach to the hardcoded server to get the requested language file.

Then the requested language file is downloaded through insecure HTTP connection which exposes to a Man-in-The-Middle attack, allows a remote attacker to download the malicious file instead of the original language file.

Also Read: “Hide ‘N Seek” the First IoT Botnet with the Ability to Survive Device Reboots

The second one was a validation flaw, the resource file location depends upon the name indicated in the metadata files(files.txt). According to researchers, the resource file within the LG keyboard package sandbox can be modified.

LG’s keyboard grants executable permissions to all downloaded .so extension files. So the attacker could inject a rogue lib file with extension .so extension and it will be marked on the disk as executable.

The keyboard application will load the libs indicated by the Engine properties on the application’s startup and the rogue lib will be loaded as soon as the keyboard process restarts.

“Once we manage to inject the rouge lib inside Engine.properties, all we need to do is wait for the application to restart and load the library. That is our ultimate goal and the moment it is reached then the attack ends.” researchers concluded.

LG also provided patches for RCE(Remote code execution) Vulnerability(LVE-SMP-170025) in LGE IME application that affects the following Android devices with OS 4.4, 5.0, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Website

Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles