The SNAP vulnerability was first discovered by BugSec security researchers Liran Segal and Shachar Korot.
Data can be taken from the phone contacts and manipulated.
The attack can take place in several ways due to functionality issues of the Smart Notice software.
The program pops notifications (named cards) in each of these scenarios:
?
Favorite contact notification Recommends you keep in touch with favorite contacts.
New contact suggestion Suggests saving a caller number.
Callback reminder Reminder to callback a contact after declining the call.
Birthday notification Reminder about contact birthday.
Memo reminder Provides notifications about user memos.
BugSecs research team said it had notified LG about the SNAP vulnerability in Smart Notice App.
LG has released the updated App with the patch to mitigate the vulnerability.
PoC video :
More details on the vulnerability can be found in a blog post by Bugsechere.
LG has so far not commented on the issue.
source: www.techworm.net
