Two High-Severity Vulnerabilities Discovered for the LG G3, G4 and G5
We generally get alerted to Android vulnerabilities for major phones like the Nexus/Pixel phones, LG and Samsung phones directly by these companies on a monthly basis. Sometimes though, there are some exploits discovered in the middle of the month and that’s what has happened with LG right now.
The first one we want to talk about has been labeled the LG Cloud Backup Application Path Traversal Vulnerability, and it is said to work on the LG G3, G4 and G5 devices. This vulnerability is happening with the LG SmartShare.Cloud application, which is a gateway to various cloud services such as Dropbox and Box. So a Path Traversal vulnerability was discovered with this application that allows an attacker to change the API call being made to Dropbox.
As a result, an attacker could make a file or folder shareable without requiring authentication or user interaction if they knew a name of the file or folder stored on Dropbox. The second vulnerability listed by MWR Labs has been labeled the LG G3 Arbitrary File Retrieval from Cloud Services, and it too is said to affect the LG G3, G4 and the G5 from LG. Again, this vulnerability is possible because of the LG SmartShare.Cloud application that is provided by the OEM.
This time though, a vulnerability was discovered that allows an attacker to retrieve a file from the SmartShare.Cloud application without authentication or user interaction. This is possible because the application itself starts an HTTP Server listening on all interfaces when the smartphone is connected to a WiFi network. Both of these vulnerabilities are only possible if the attacker is on the same network that the LG G3, G4 or G5 is on.Source: MWR Labs