LG patched a bug that exposed 10 million LG G3 owners to a serious security threat, putting private data stored on the phone's microSD card at risk. The flaw, dubbed the SNAP vulnerability, was discovered by security researchers Liran Segal and Shachar Korot and could have affected 10 million G3 owners worldwide.
Researchers at the security firms BugSec Group and Cynet found that the vulnerability resided in the LG Smart Notice app, which comes preloaded on G3 smartphones to display notifications and suggestions useful to the user. The researchers informed LG about the vulnerability, and the company quickly responded with a patch for the Smart Notice app.
"Using the vulnerability, an attacker can easily open the user device to data theft attack, extracting private information saved on the SD Card, including WhatsApp data and private images; put the user in danger of phishing attack by misleading the end-user; and enable the installation of a malicious program on the device," researchers wrote in a blog post on Thursday.
Users have been advised to immediately upgrade their Smart Notice app to the latest version available.
The risks involved with the SNAP vulnerability are extensive. According to Ars Technica, which posted a comprehensive report on how the exploit works, the vulnerability could be used to extract data from the G3's microSD card, remotely access any site using the browser and perform a full denial-of-service (DoS) attack on the device.
The LG G3 is the company's 2014 flagship, which was well received by consumers and critics alike. The company is currently working on its next flagship for 2016, dubbed the LG G5, which is expected to be launched at the Mobile World Congress (MWC) 2016 in February. The new handset will compete against the Samsung Galaxy S7 and Xiaomi Mi 5, which will be launched around the same time.