Information

LG keyboard (com.lge.ime) downloads handwriting languages through unsecured HTTP connection. MITM proxy allows an attacker to replace language related files and through path-traversal vulnerability to overwrite any file in the app’s sandbox directory. The attacker can push a native lib in the app’s internal directory and indicate it as the input method extension library in the app’s configuration file.

LVE-SMP-170025



References:
https://lgsecurity.lge.com/security_updates.html
https://research.checkpoint.com/lg-keyboard-vulnerabilities/
https://threatpost.com/severe-keyboard-flaws-in-lg-smartphones-allow-remote-code-execution/131829/