Some examples of how this kind of attack can manifest include things like spoofing a favorite contact, which reminds you to keep in touch with friends, new contact suggestions, which recommends saving a caller’s number, callback reminders, birthday notifications, and other types of notifications.
Again, all the user has to do is accept and save the notification in order for the script to be successfully installed, so if a user gets a (spoofed) notification of someone’s birthday and isn’t paying attention before hitting save to load the date into their calendar, it’s quite easy for the hackers to gain access to the data stored on your phone.
The good news is that LG hasn’t taken news of the security issue lying down. The company has recently released an updated version of the app, which adds an authentication step to the notification feature, making spoofed cards far less likely to succeed, because un-authenticated data will never be displayed to the user in the first place. This is a critical update for all LG phone owners, so be sure to allow this one the next time you’re doing app updates on your device.