LG smartphones were vulnerable to cold-boot attacks for 7 years
Last month, LG developers released the security update LVE-SMP-200006 and fixed a vulnerability that affected all of the company’s Android smartphones. In fact, LG smartphones were vulnerable to cold-boot attacks for about 7 years.The problem got the identifier CVE-2020-12753, and it is related to the bootloader that comes with LG smartphones.
In March of this year, the American developer Max Thomas discovered this vulnerability in the bootloader.
“I reported this vulnerability in March and gave a 90 day delay on releasing specific details. Also the vulnerability doesn’t require user interaction from coldboot so it’s a bit nasty in that regard. But also this vulnerability sat around for 7 years so it could be argued that, if anything, 90 days is too long”, — explained Max Thomas.
The researcher writes that this bootloader has been added to LG smartphones, starting with the LG Nexus 5 series.
Let me remind you that we wrote about 0-day vulnerability in Android, which threatens Pixel, Samsung, Huawei and Xiaomi smartphones.
It turned out that the bootloader graphics package contains an error that allows attackers to inject their own code along with graphics, though only under certain conditions (for example, when the battery is running low or the device is in Download Mode).
“Google has done a lot of work to ensure that vendors can’t mess up Android security. However, bootloaders have a lot less oversight, so going after these vendor-specific bits of hardware bringup seemed extremely opportune for errors”, — writes Max Thomas.
This vulnerability affects all LG smartphones using QSEE (Qualcomm Secure Execution Environment) with firmware EL1 or EL3, as well as all LG devices running Android 7.2 and later.
Demonstration of the attack can be seen in this video.
It should be noted that CVE-2020-12753, in fact, is a cold boot attack, so, it can only be exploited if you have physical access and are connected to the target device.
The PoC exploit that created Max Thomas, and which he used to compromise the bootloader on the LG Stylo 4 smartphone, is already available on GitHub.
By the way, have you already tried to make a wallpaper for a phone from a picture that turns android smartphone into piece of stone?