CVE-2016-10135 in Device
Summary
by MITRE
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/13/2026
The vulnerability identified as CVE-2016-10135 represents a critical security flaw in certain LG devices and tablets that utilize MediaTek chipsets running specific Android versions. This issue affects devices running Android versions 5.0/5.1, 6.0/6.0.1, and 7.0, including models such as the RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD. The root cause lies within the MTKLogger application component that ships with these devices, specifically the com.mediatek.mtklogger package. This application contains two key exported components that create a significant security risk by exposing sensitive logging functionality to any application on the device without proper access controls.
The technical flaw manifests through the improper configuration of application components within the MTKLogger app. Specifically, the LogReceiver and MTKLoggerService components are exported due to missing security attributes and lack of proper permission protection. These components contain intent filters that make them accessible to any third-party application on the device. The absence of explicit android:exported="false" attribute and the lack of custom permission requirements creates an unintended attack surface where malicious applications can communicate with these components using android.content.Intent objects. This configuration allows unauthorized access to critical system logging capabilities that should remain restricted to system-level applications.
The operational impact of this vulnerability is substantial and multifaceted. Attackers can leverage these exported components to manipulate various types of system logs including GPS logs, modem logs, network logs, and mobile logs. The GPS logs contain precise location data with timestamps, potentially enabling location tracking without user consent. The modem logs capture AT commands and their parameters, providing access to call and messaging metadata that could reveal sensitive communication patterns. Network logs contain tcpdump captures that may expose network traffic analysis, while mobile logs provide access to Android system logs that were traditionally restricted to third-party applications. All these logs are stored in the /sdcard/mtklog directory structure, making them accessible to applications with READ_EXTERNAL_STORAGE permission, thereby expanding the potential attack surface significantly.
The security implications extend beyond simple data exposure, as this vulnerability aligns with multiple ATT&CK framework techniques including privilege escalation and credential access. The flaw represents a classic case of insecure component configuration, which maps directly to CWE-922, insecure storage of sensitive information. Additionally, the lack of proper access controls and the default export of system components demonstrates poor security by design principles. The vulnerability creates a persistent backdoor that remains active as long as the device is running, and since these components are part of the system-level logging infrastructure, they cannot be easily removed or disabled by users.
Mitigation strategies for this vulnerability require both immediate and long-term approaches. In the short term, users should avoid installing untrusted applications that might exploit these exported components, while device manufacturers should implement proper permission controls and explicitly set android:exported="false" for non-system components. The long-term solution involves updating the affected firmware to versions that properly secure these logging components and prevent unauthorized access. System administrators should monitor for applications that attempt to access these components and implement application whitelisting policies to prevent exploitation. The vulnerability also highlights the importance of proper security auditing of system applications and the need for comprehensive security testing of all exported components in mobile operating systems. Organizations should consider implementing network monitoring solutions to detect suspicious activity related to these logging components and establish incident response procedures for potential exploitation attempts.