LG Patches Critical Vulnerabilities in Smart TVs
LG has issued updates to address four new security vulnerabilities in thousands of its smart TVs, which were discovered by researchers at cybersecurity firm Bitdefender. These vulnerabilities, primarily affecting LG’s webOS versions 4 through 7, could allow hackers to manipulate the devices by adding users or installing malware.
The most critical bugs, three of which received a severity rating of 9.1 out of 10, involve the manipulation of user accounts and device control. Specifically, CVE-2023-6317 allows an attacker to bypass PIN verification and create a privileged user account via the LG ThinQ app, which is used to control the TVs. Following this, CVE-2023-6318 could enable a hacker to elevate their access level and fully take over the device.
CVE-2023-6319 and CVE-2023-6320 could be exploited to deploy malware, enabling attackers to monitor traffic or navigate through a smart home network. These vulnerabilities highlight the increasing risks associated with smart IoT devices, which are becoming prime targets for inclusion in botnets that facilitate larger cyber attacks.
Despite LG’s initial silence in response to media inquiries, the company confirmed the vulnerabilities shortly after Bitdefender’s report and released patches on March 22. An initial search using the Shodan security tool revealed that over 91,000 LG devices worldwide were exposed, though this number has slightly decreased following the report’s publication.
The patches are part of LG’s ongoing efforts to secure its IoT devices, reflecting broader industry challenges in protecting smart home ecosystems. Owners of LG smart TVs are urged to update their devices promptly to mitigate potential risks.