The LG keyboard (com.lge.ime) downloads handwriting languages over an unsecured HTTP connection. A MITM proxy allows an attacker to replace language-related files and, through a path-traversal vulnerability, to overwrite any file in the app’s sandbox directory. The attacker can push a native library into the app’s internal directory and designate it as the input method extension library in the app’s configuration file.

LG Vulnerability ID: LVE-SMP-170025
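
The two checks whose absence the advisory describes, shown as an added example (not LG's code): refuse a cleartext download source, and confine server-supplied file names to the language directory before writing. The class and method names, directory layout, URLs and file names are assumptions constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;

public class LanguagePackGuard {
    // Reject cleartext transport before any download is attempted.
    static void requireHttps(URI source) {
        if (!"https".equalsIgnoreCase(source.getScheme())) {
            throw new SecurityException("cleartext download refused: " + source);
        }
    }

    // Resolve a server-supplied file name and confirm it stays inside baseDir.
    // getCanonicalFile() collapses "." and ".." and follows existing symlinks.
    static File resolveInside(File baseDir, String untrustedName) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, untrustedName).getCanonicalFile();
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new SecurityException("path escapes language directory: " + untrustedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values, not taken from the advisory.
        File langDir = new File(System.getProperty("java.io.tmpdir"), "ime/files/languages");
        String[] urls = { "https://updates.example.com/hw/en.pack", "http://updates.example.com/hw/en.pack" };
        String[] names = { "en/model.dat", "./fr/model.dat", "../../lib/libext.so", "../settings.xml" };

        for (String u : urls) {
            try {
                requireHttps(URI.create(u));
                System.out.println("ALLOW url  " + u);
            } catch (SecurityException e) {
                System.out.println("DENY  url  " + e.getMessage());
            }
        }
        for (String n : names) {
            try {
                System.out.println("ALLOW file " + resolveInside(langDir, n));
            } catch (SecurityException e) {
                System.out.println("DENY  file " + e.getMessage());
            }
        }
    }
}
```

The containment check compares canonical paths with a trailing separator, so a sibling directory whose name merely starts with the base directory's name is also rejected.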