On April 9th, cybersecurity experts from Bitdefender revealed a set of alarming vulnerabilities in LG smart TVs, putting around 91,000 devices worldwide in danger of being compromised by cybercriminals. These vulnerabilities are found across multiple versions of LG’s WebOS TV operating system, ranging from version 4 to version 7, on various models. The four distinct software bugs, catalogued as CVE-2023-6317 to CVE-2023-6320, allow attackers to bypass PIN verification, gain root access, perform command injection, and execute arbitrary authenticated commands.
For tech enthusiasts and smart device users, this news strikes a concerning chord. The modern household is more connected than ever, with smart TVs acting as a hub for entertainment, communication, and even home automation. A compromised smart TV opens the door not only to unauthorized control of the TV itself but also to potential access to any connected devices, accounts, and personal data associated with it.
According to the reports, CVE-2023-6317 is a particularly problematic vulnerability because it permits an attacker to add a privileged user profile to the TV set without the need for user interaction. This vulnerability can be chained with CVE-2023-6318, which escalates privileges, CVE-2023-6319, which allows operating system command injection, and CVE-2023-6320, which permits the injection of authenticated commands. Together, they give an attacker extensive control over the affected device.
Bitdefender’s research points out that over 91,000 devices have been identified that expose the vulnerable service to the internet, with the bulk of the devices located in South Korea, the U.S., Sweden, Finland, and Latvia.
LG swiftly addressed these concerns with a software update released on March 22, 2024. This proactive step by LG underscores the seriousness of the situation and the urgency for users to act promptly in protecting their devices. For LG TV owners who are worried, it is crucial to prioritize updating their TV’s software. LG has rolled out a fix through their recent software update, which should have been automatically installed on most devices. Users are encouraged to access their TV’s settings, particularly under Support > Software Update, and proactively search for any pending updates to ensure they are running the latest and most secure version of WebOS TV.
These vulnerabilities are a stark reminder of the complex security landscape that surrounds IoT devices. Users must be proactive in updating their devices, and manufacturers like LG need to remain steadfast in their commitment to protecting users through timely patches and security updates.