LG TVs could be hacked to let criminals spy on you — and that’s not all

Celebrity Gig

Your LG TV could be the biggest security vulnerability in your home or your office, new research from Bitdefender has found.

The LG WebOS TV operating system’s versions 4 through 7 are seemingly riddled with security vulnerabilities that allow hackers to add themselves as a user, take over the device and exploit command injection vulnerabilities to their hearts delight.

Over 91,000 devices are exposed via their internet connection, despite the vulnerable service’s intended use being LAN access only.

READ ALSO:  Gears of War E-Day officially revealed at the Xbox Games Showcase

Triple escalation of vulnerabilities

The first vulnerability, tracked as CVE-2023-6317, allows the hacker to skirt around the TV’s authorization mechanisms and by changing a single variable, add themselves as a user on the TV. Next, by abusing the vulnerability tracked as CVE-2023-6318, the hacker can give themselves total access to the device paving the way for command injection.

READ ALSO:  Alibaba says it will split into 6 units that can raise funds and IPO

By abusing two more vulnerabilities, tracked as CVE-2023-6319 and CVE-2023-6320, the hacker can either manipulate a music lyrics library to allow OS command injection, or the attacker can manipulate a specific API endpoint to inject authenticated commands.

The vulnerable device models are:

  • LG43UM7000PLA running webOS 4.9.7 – 5.30.40
  • OLED55CXPUA running webOS 5.5.0 – 04.50.51
  • OLED48C1PUB running webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50
  • OLED55A23LA running webOS 7.3.1-43 (mullet-mebin) – 03.33.85
READ ALSO:  Can your smartwatch get hacked? Study shows what information is at risk

A patch was released to address these vulnerabilities on March 22, being made available for the above models from April 10, so it is worth checking the OS system version of vulnerable LG TV devices to ensure the patch has been installed.

More from TechRadar Pro

Categories

Share This Article
Leave a comment