A troubling vulnerability has been uncovered that may make you think twice about ever even temporarily allowing a friend, partner or acquaintance to use your new LG V10 Android smartphone.
A YouTube user called “Matt OnYourScreen” came across the flaw, which potentially allows someone to gain unlimited access to the device in future.
The good news is that the attack requires physical access to the targeted LG V10 and cannot be achieved remotely. Furthermore, the victim has to be tricked into handing over their phone in the first place – perhaps by someone who asks to try out an app, or wants to make a quick phone call.
In his YouTube video, Matt OnYourScreen shows how the attack works.
Normally, to add a fingerprint to the phone, you would have to enter a security PIN to prove that you are authorised to do so. However, Matt found a way to use the Nova Launcher app to gain access to the fingerprint screen without any need to authenticate himself.
Within seconds he was able to add an additional fingerprint, meaning that any future time he had physical access to the LG V10 smartphone he would be able to unlock it.
It’s easy to imagine how such a security bypass could be used by jealous partners, a domestic abuser, and business rivals to snoop upon others.
Fortunately, so far it is believed that only Nova Launcher introduces this opportunity for unauthorised parties to access the fingerprint settings, but clearly if Nova Launcher can assist attackers in this way it would be possible for other software to do the same.
Even more fortunately, there is a simple way for LG V10 owners to stop someone else adding their fingerprint to the device. The LG V10 can only handle four fingerprints – if you have already told your LG V10 four of your fingerprints, an attacker isn’t able to add his or her own.
Of course, in an ideal world such tricks shouldn’t be necessary to stop your privacy being put at risk. Let’s hope that a proper fix will be forthcoming to prevent owners of LG V10 Android smartphones from being put at risk from snoopers.
Source:https://www.welivesecurity.com/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.
