Be Careful about the Unauthorized Fingerprint Access on LG V10

Share on Reddit0Tweet about this on TwitterShare on Facebook0Share on Google+2

A new vulnerability has been uncovered to an Android device that many of you might own and use at this point. So, let me tell you that you must think twice before letting someone else to use your LG V10 smartphone. A regular YouTube user called “Matt OnYourScreen” discovered this flaw which allows someone to gain unlimited access to the device in future.

However, you should realize that this is possible only if that person has physical access to the targeted LG V10 and the attack cannot be achieved remotely. So, in normal conditions, to add a fingerprint to the phone, you would have to enter a security PIN in order to prove that you are authorised for doing that.

But there are always exceptions to the rule and Matt found a way to use the Nova Launcher app to gain access to the fingerprint screen without any need for authentication. Do you want to find out more about this in order to be able to protect yourself? You will be surprised to see how easy is to get access to this hansdet:

How to Get Unauthorized Fingerprint Access to LG V10:

This vulnerability can only work on this particular launcher so far, so don’t worry for nothing. However, if Nova Launcher is there, then it can introduce this opportunity for unauthorised parties to access the fingerprint settings and you should be prepared for anything:

  1. To be more precise, you can tap the Home button while on the main home screen;
  2. Up next, tap the Widgets option;
  3. Add a Nova Action widget to the home screen;
  4. Now, you must choose the activity “com.lge.fingerprintsettings”;
  5. Pause here for a second. Through the normal Settings menu, it’s impossible to access this particular activity before going through a security checkpoint and confirming either a fingerprint or the PIN. Anyway, Nova can ignore the normal menu flow that leads to this screen, so it creates this situation where the users can add their fingerprint as well even without proving that they have authorized access to the device; and here’s where the issue is coming from;
  6. The widget on the homescreen will lead directly to fingerprint settings;
  7. All you have to do is to simply add your own fingerprint before deleting the widget;
  8. Unless the additional fingerprint is noticed and deleted in time, then you can be sure of the fact that you will have unlimited access to the device.
Share on Reddit0Tweet about this on TwitterShare on Facebook0Share on Google+2

Mike Blass