News

LG closes leaks in its own backup software that gives access to Dropbox data

By admin
Spread the love

LG closed leaks in its own SmartShare.Cloud application late last year, which allows users to manage backups. MWR Labs discovered the vulnerabilities and now reports that the LG G3, G4, and G5 were vulnerable and allowed access to Dropbox data.

It concerns two leaks, writes MWR Labs. The first allows an attacker on the same network as the victim to intercept an API call to Dropbox. If the attacker has knowledge of file or folder names, by modifying the request, he can make the folder or file shareable and thus gain access. The victim wouldn’t have to do anything for this and he wouldn’t notice it either.

According to the security company, this makes folders with obvious names such as ‘documents’ and ‘images’ easy to find. The second leak is related to the first and then allowed the attacker to query the files he knew by name without authentication. For this, the attacker also had to be present on the same network.

LG has implemented the patches in version 2.4.0 of the SmartShare.Cloud application by introducing encryption and signing and checking the origin and purpose of requests.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

Exit mobile version