One can allow a crook to wipe devices clean

May 29, 2016 21:10 GMT  ·  By

Two researchers from Check Point's mobile security division uncovered two vulnerabilities in LG's custom modification of the Android OS, which enable attackers to take control of the device.

The researchers presented their findings at this year's LayerOne security conference, but not before working with LG to address the issues.

Despite Google's best efforts to secure the Android OS, changes made to the operating system by various OEMs introduced new vulnerabilities unique to those devices alone. In LG's case, these two vulnerabilities affected one in five mobile devices in the US, according to data from a recent comScore survey.

CVE-2016-3117: Privilege escalation leads to device bricking

The first issue the two presented is a privilege escalation in the Android LG service called LGATCMDService. The researchers discovered that a malicious app could connect to this service, regardless of its original access privileges and get "atd" user permissions.

An attacker could read or even write new IMEI and MAC addresses, disable the USB connection, reboot the smartphone on demand, wipe a phone's memory, or even brick the device completely.

"Ransomware would find these features very useful by locking a user out of a device and then disabling the ability to retrieve files by connecting the device with a computer via USB," the researchers said.

CVE-2016-2035: SQL injection leads to phishing

The second issue the researchers helped LG fix is as dangerous as the first one and can be found in the WAP Push protocol that's used to send URLs to mobile devices via the SMS protocol.

The two FireEye researchers claim that an SQL injection in the components of this protocol can be used to allow attackers to control the links sent to user devices.

The attacker can push URLs into unread SMS messages and distribute links to malicious apps or credentials-stealing phishing pages.