CATEGORIES
home News

LG Patches Bootloader Security Exploit Impacting All Of Its Phones Dating Back 7 Years

by Shane McGlaunWednesday, June 03, 2020, 01:15 PM EDT
lg g8 thinq

LG released a security update last month that addresses a vulnerability that impacted a massive number of its smartphones. The security flaw, tracked as CVE-2020-12753, affected every single smartphone that LG made over the last seven years. The vulnerability was in the bootloader component that shipped with the LG devices.

Bootloaders are software components that are specific to each smartphone vendor and are the first code that runs inside the smartphone when a user turns the device on. Bootloaders are intended to ensure that the smartphone firmware and Android operating system start correctly and securely. LG's vulnerability was discovered by a U.S. security researcher, Max Thomas, in March 2020.

The vulnerability he discovered impacted the bootloader component in LG's smartphones, starting with the LG Nexus 5 series. A technical breakdown of the vulnerability was published this week, where the researcher noted the bootloader graphics package had a bug that allowed attackers to slip their own code in to run alongside the bootloader's graphics in certain circumstances. Two instances that Thomas pointed out where attackers had the chance to take advantage of the flaw were when the battery dies and when the bootloader's Download Mode was active.

Any attack that aimed to take advantage of that vulnerability would have to be perfectly timed, according to Thomas. If the attacker could time the attack perfectly, they would be able to run their own custom code, potentially allowing them to take over the bootloader and the entire device. The video above shows the CVE-2020-12753 vulnerability being taken advantage of. The only way an attacker could take advantage of this flaw would be to have physical access to the smartphone. The vulnerability was particularly concerning because it could give complete access to a lost or stolen smartphone.

All LG smartphones using the Qualcomm Secure Execution Environment (QSEE) chips on EL1 or EL3 runtime firmware, and all LG devices running Android 7.2 later were vulnerable to the attack. LG's patch to mitigate the flaw was released in early May. So if you recently grabbed the LG G8 ThinQ that saw its price reduced this week, it will likely need to be patched right out of the box.

Tags:  security, LG, Bootloader
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment