More than 90,000 LG smart TVs are at risk of being remotely attacked


Bitdefender security researchers discovered four vulnerabilities in the WebOS operating system running on LG smart TVs.

According to Bitdefender, the vulnerabilities give attackers unauthorized access to affected TVs and varying degrees of control over them, through permission bypass, privilege escalation, and command injection. Attackers can create arbitrary accounts on the device through a service running on ports 3000/3001, which is currently used to connect smartphones with a PIN code. Internet scans using the Shodan security scanning tool showed that about 91,000 LG devices were vulnerable.

An LG TV model. Photo: LG

The four vulnerabilities disclosed by the research team are CVE-2023-6317, which allows attackers to bypass the TV's authorization mechanism and add users without consent; CVE-2023-6318, which allows root access to be gained after CVE-2023-6317 has been exploited; CVE-2023-6319, which allows OS command injection and arbitrary command execution; and CVE-2023-6320, which allows attackers to exploit the API to execute commands as the dbus user, whose permissions are similar to root's.

The vulnerabilities affect WebOS versions 4.9.7 - 5.30.40 running on the 43UM7000PLA TV series, WebOS 04.50.51 - 5.5.0 on the OLED55CXPUA TV, WebOS 0.36.50 - 6.3.3-442 on the OLED48C1PUB, and WebOS 03.33.85 - 7.3.1-43 on OLED48C1PUB, OLED55A23LA.


PIN code to connect to smartphone on LG TV. Photo: Bitdefender

Bitdefender said it discovered the vulnerability late last year and reported it to LG. However, it wasn't until the end of March that the Korean company released the first update to fix it. Users can check for the update under Settings > Support > Software Update > Check for updates.

LG has not yet commented.

According to Bleeping Computer, although security issues on TVs are not as serious as those on computers or smartphones, attackers can still use a compromised TV as a foothold to attack other devices connected to the same network. In addition, smart TVs are often signed in to online accounts, so attackers can steal these accounts. Finally, TVs can be enlisted in botnets for distributed denial-of-service (DDoS) attacks, or have cryptocurrency mining software silently installed on them.

Bao Lam
