Pocketables

News and reviews for the hype weary

Locked up Keyboard from Pixabay
Android

LG keyboard/handwriting remote vulnerability getting exploited/patched

Paul E King 0 Comments

Virus - for some reason we don't have an alt tag hereIt appears the default LG keyboard and handwriting apps had problems that allowed for a hacker hanging out in a coffee shop (or just their $30 Raspberry Pi,)  to play man in the middle and drop off their code in your phone due to LG’s messed up updating logic.

LG was using HTTP and not HTTPS for updates. That could potentially invite someone to play man in the middle and load code into the apps as an update to run with privileges later on.

While a long shot, with 20% of the Android population sporting LG phones that’s at least a couple thousand people getting their phones infected without much trouble.

LG’s rolling out a security update in their May patches, so make sure to grab them if you’re able.

Checkpoint has a very good technical writeup of how the vulnerability presents, and how it’s exploited.

Users of LG phones can go to settings / update, or if there’s no update available just not get on WiFi they don’t trust.

Alternately you can spend some money on a VPN so nobody can execute a man in the middle attack. I’d just suggest updating the phone and until then staying off of WiFi you don’t trust.

Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King