AN LG PHONE THAT some people might have been using has been wandering around with a gaping vulnerability that could have leaked bucket loads of data and personal information.
The phone is the LG G3, and we can confirm that it has a large rectangular screen and looks like a modern smartphone. It has been unseated by a number 4 option that shares some of the same features.
A firm called Cynet, which is part of an outfit called BugSec, has had a closer look at the guts of the beast and uncovered a soft and stupid underbelly called Smart Notice.
"The SNAP vulnerability is a flaw in one of the LG applications, Smart Notice, which is pre-installed on every new LG device. Smart Notice displays to users recent notifications that can be forged to inject unauthenticated malicious code."
It's fixed, apparently, but there is plenty to say. So far we have not heard back from LG with its side of the story.
The full Cynet report, which comes with a video (below), finds evidence of a mile-wide data gap that can allow the removal of WhatsApp data and any gubbins that might be saved on any local SD cards.
"Using the vulnerability, an attacker can easily open the user to data theft attack, extracting private information saved on the SD card including WhatsApp data and private images. It can also put the user in danger of phishing attacks, and enable the installation of a malicious program on the device," the firm said.
"We informed LG, which responded quickly to the vulnerability, and we encourage users to immediately upgrade to the new Smart Notice release which contains a patch."