All LG smartphones are vulnerable to privilege escalation flaw which can be exploited to brick the deviceCVE-2016-3117CVE-2016-2035

Two researchers from Check Point’s mobile security division have uncovered two vulnerabilities in LG’s custom modification of the Android OS which enables attackers to take control of the device. The researchers said that the vulnerabilities existed in the way LG customises Android to suit its own UI with a service called LGATCMDService which is available in all LG smartphones.

CVE-2016-3117

Check Point researchers found that the hackers could exploit the Android LG service called LGATCMDService. The researchers discovered that a malicious app could connect to this service, regardless of its original access privileges and get “atd” user permissions. Once the potential hacker has gained access to the victim’s LG smartphone, the attacker read/write new IMEI and MAC addresses, disable the USB connection, reboot the smartphone on demand, wipe a phone’s memory, or even brick the device completely. The access to atd can be used by hackers to :

read and overwrite private identifiers like the IMEI and MAC address reboot a device disable a device’s USB connection wipe a device brick a device completely

The researchers said that this vulnerability could be of specific interest to ransomware creators. They could use malicious script to exploit this particular vulnerability and lock the LG smartphones in exchange for ransom. “Ransomware would find these features very useful by locking a user out of a device and then disabling the ability to retrieve files by connecting the device with a computer via USB,” the researchers said.

CVE-2016-2035

The second vulnerability discovered by the researchers allows remote attacker to delete or modify SMS messages received on a device. Though not as menacing as the first one, this vulnerability exploits LG’s unique implementation of the WAP Push protocol. WAP Push is the SMS protocol (PDU) used to send URLs to mobile devices. The researchers says that this protocol was intended for the use by mobile carriers rather than users and includes “update” and “delete” features. LG’s implementation contained an SQL injection vulnerability that allowed attackers to send messages to devices with the ability to delete or modify all text messages stored on the device. A potential attacker could use this vulnerability to conduct credential theft or to fool a user into installing a malicious app. The attacker could modify a user’s unread SMS messages and add a malicious URL to redirect the user to download a malicious app or to a fake overlay to steal credentials. Check Point says that it has informed LG about both the vulnerabilities but millions of LG smartphones could still be vulnerable to any of the two attacks. If you own a LG smartphone, you are advised to take these steps.

Examine carefully any app installation request before accepting it to make sure it is legitimate. Check with LG for recent patches to mitigate the threat Use a personal mobile security solution that monitors your device for any malicious behavior. Always delete unwanted/suspicious links received even from family and friends.