As reported by The Register, this was discovered by security firms BugSec and Cynet who recently came across a vulnerability found on the phone, and it seems that this vulnerability was created by LG themselves through one of the phone’s features: Smart Notice. The bug is dubbed SNAP and basically what it does is that it could potentially allow malicious hackers to run phishing scams, access private data, and potentially cause the device to crash.
Apparently this is because LG had apparently forgotten to validate user-submitted data, which in turn allows these attacks to go through unfettered. According to Idan Cohen, BugSec’s CTO, “The vulnerability might be used to steal data. We don’t know for sure this has actually happened and we haven’t seen any malware that uses it. One thing is clear: This vulnerability is not just theoretical.”
The good news is that after being contacted by BugSec, LG then released a patch for Smart Notice which should address the problem. So if you have noticed that there is a patch waiting for you, then you should probably go ahead and do it. Note that because this seems to be a feature-specific problem, only the LG G3 out of all of LG’s devices are affected by this problem. You can check out the vulnerability being exploited in the demo video below.