Just over a week ago SEARCH-LAB Ltd discovered a “security issue threatening LG Smart Phone users” which could lead to a potential man-in-the-middle attack.
‘Just another security flaw,’ you might be thinking, ‘they’ll just patch it and everyone will forget it ever happened,’ but that’s where this story differs.
According to SEARCH-LAB Ltd “in November, 2014 [they] disclosed the technical details to the manufacturer” and “LG answered, that they were considering the fix for the newly launched models only.”
“Considering”? “Newly launched models only”? Not really the kind of response we have come to expect when a quite serious vulnerability has been discovered.
Out with the old
“Any vulnerability or security issue once found should be patched if at all possible as soon as they can. The fact that LG have chosen not to patch this particular one on current mobiles and only considering patching it on future mobiles, leaves a known security issue open for abuse for anyone to use as they see fit.”
Explains Mark James, ESET IT security specialist, he goes on to express his surprise that LG aren’t going to fix the issue on older mobile models.
“I am surprised by their stance to be honest, I appreciate there may be implications or cost issues with fixing this but it’s their job to ensure their software is as secure as it can be.”
Mark goes on to illustrate what LG owners should do for the time being.
“If you’re using an older LG phone, you need to seriously look at your automatic update options, by default it’s turned on.”
“If you’re using your phone for anything except just receiving calls then turning off automatic updates is the best option and doing your updates manually over a secure WIFI.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our new ‘In the news’ section.
Do you own an LG phone? What precautions are you taking?