A new vulnerability in LG smartphones, CVE-2020-12753, was recently discovered, affecting models from the past seven years.
A security update has been issued that addresses the vulnerability, which affects the bootloader component in LG smartphones. This component is separate from Android: it is firmware specific to each smartphone maker.
What is a bootloader component?
The bootloader component is the first piece of code that runs when the smartphone is started. Its purpose is to ensure the safe start of both the operating system and the firmware of the device.
More about CVE-2020-12753
The vulnerability was discovered in March by software engineer Max Thomas from the United States. According to his technical writeup dedicated to the flaw, CVE-2020-12753 is “a bootloader vulnerability affecting most Qualcomm-based LG phones since the Nexus 5, all the way up to my test device, the LG Stylo 4 Q710 (and 5 Q720), and probably others.”
The researcher says that the bug exists in the bootloader component's graphics package. The bug allows attackers to introduce their own code alongside the bootloader's graphics. However, specific conditions need to be met, relating to when the device's battery drains and when the device is in the bootloader's Download Mode.
A perfectly timed attack enables attackers to run their own custom code, thus taking over the bootloader. Once this happens, taking over the entire device is also possible. This type of attack is known as a cold boot attack.
To be more precise, a cold boot attack is a type of side channel attack in which an attacker with physical access to a device dumps the contents of the device's random access memory (RAM) by performing a hard reset of the targeted device. In other words, this type of attack requires physical access to the device. That being said, the vulnerability can be exploited on stolen devices.
A patch has already been released in the LVE-SMP-200006 security update.