Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » LG's Update Center app fails to check server's SSL certificate, MitM risk

LG's Update Center app fails to check server's SSL certificate, MitM risk

2015/06/29

Softpedia - (International) Security researchers from Search-Lab discovered a vulnerability in LG's Update Center application on Android phones in which an attacker could exploit the fact that the app does not check the secure sockets layer/transport layer security (SSL/TLS) certificate of the update server to execute a man-in-the-middle (MitM) attack and install arbitrary applications on the device.

Source: http://news.softpedia.com/news/lg-s-update-center-app-fails-to-check-server-s-ssl-certificate-mitm-risk-485551.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:35