LG has released fixes for two serious vulnerabilities affecting the company’s Android smartphones, including a flaw that can be exploited remotely to delete and modify text messages.
The vulnerabilities were discovered by researchers at security firm Check Point, who disclosed the issues after the vendor developed patches. It’s worth noting that LG is estimated to have a share of nearly 10 percent in the U.S. smartphone market.
Google releases security updates for Android every month, but since each original equipment manufacturer (OEM) makes its own modifications to the operating system, some vulnerabilities are specific to their devices.
According to Check Point researchers, LG smartphones are plagued by two serious flaws. One of them, an issue that can be exploited locally, is related to a privileged LG service named “LGATCMDService.”
Since this service is not protected by a bind permission, any app, regardless of its permissions or origin, can communicate with it. This allows attackers to connect to it and perform various actions, including reading and overwriting the IMEI and MAC address, rebooting the device, disabling a USB connection, wiping the device, and even bricking it completely.
The vulnerability, tracked as CVE-2016-3117, could be highly useful for a piece of ransomware.
“Ransomware would find these features very useful by locking a user out of a device and then disabling the ability to retrieve files by connecting the device with a computer via USB,” said Check Point researchers.
The second flaw found by experts, tracked as CVE-2016-2035, is related to LG’s implementation of WAP Push, a protocol used for text messages that contain links to websites.
The protocol, designed for use by mobile carriers, is affected by a SQL injection vulnerability. Since the WAP Push protocol includes features for updating and deleting text messages, a remote attacker can exploit the flaw to delete or modify any message from the targeted smartphone.
“A potential attacker could use this vulnerability to conduct credential theft or to fool a user into installing a malicious app. The attacker could modify a user’s unread SMS messages and add a malicious URL to redirect the user to download a malicious app or to a fake overlay to steal credentials,” explained Check Point researchers.