Home / Uncategorized / Security Exploit Discovered on LG Android Smartphones
130627-lg

Security Exploit Discovered on LG Android Smartphones

If you own any of more than 40 different Android smartphones from LG, you might want to a pay attention. A vulnerability has been discovered that could effectively allow a hacker to compromise your device remotely.

The security exploit was found in the Sprite Backup software that is pre-loaded on several LG Android smartphones, including the Optimus G Pro, the Mach, Prada, Optimus LTE 3 and the 3D Cube. Security researcher Justin Case (is that his real name?) found an “odd binary in an update” in the spritebud backend of that backup solution. In effect, spritebud has root access to the device and with the right crafted backup, “we can write to, change permission and change ownership of any file.”

To demonstrate the attack, Case created a backup that when a “restore” command is initiated, an extra directory and 50MB file are written to the phone. This creates a lag, opening up a window of opportunity to dump “another script that roots the device and executes the script in the kernel.” The vulnerability affects backup version 2.5.4105 and spritebud 1.3.24.

Sprite Backup has acknolwedged the vulnerability and are working on a fix, but no specific timeline has been announced.

[Source]

Comments

comments

About Michael Kwan

A freelance writer and tech geek from Vancouver. Find me at michaelkwan.com and follow me on Twitter @michaelkwan.

Check Also

wii-oculus-rift-hoverboard

Try Oculus Rift And Wii To Roam Around On The Back To The Future Hoverboard

Check out how you can fly in virtual space by using an Oculus Rift and a Wii Balance Board.

One comment

  1. Charles Holman

    A complete list of all affected phones would be greatly appreciated as I own an LG Esteem & my wife owns an LG motion. Thank You.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>