Security flaw found in thousands of LG TVs, but this new update will stop hackers



Is your LG TV one of the vulnerable models?
Updated: Apr 10, 2024 11:16 am


Multiple vulnerabilities have been spotted in a number of LG smart TVs, including some popular OLED models from the past few years. Luckily, a patch is being rolled out on April 10th to address the issues. These security flaws could affect as many as 91,000 units – as long as your device is internet-connected, hackers have the potential to gain root access.
One outlet reporting on this is Ars Technica, referencing the security firm Bitdefender, which was the first to release a public report on the issue. If hackers were to gain root access to the device, they’d be able to inject commands at the OS level, with the potential to install malicious apps or gain access to paid accounts.
Which LG TVs are affected? And where to update
Reports show that four LG TV models are affected, with a reported 88,000 internet-connected units showing up on the Shodan search engine. The majority of devices are located in South Korea, Hong Kong, the US, Sweden, and Finland. The affected models are as follows:

LG43UM7000PLA on webOS 4.9.7 – 5.30.40
OLED55CXPUA on webOS 5.5.0 – 04.50.51
OLED48C1PUB on webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50
OLED55A23LA on webOS 7.3.1-43 (mullet-mebin) – 03.33.85

As you can see, a few popular OLED models such as the CX, C1, and A2 are included. If you have one of the models above running webOS, an update to address these security flaws should be available to you via the settings menu.
How do hackers gain access?
This vulnerability is related to webOS, LG’s operating system for its smart TVs. Bitdefender can give you a more technical look at the security side of things, but vulnerabilities have been found in a service designed to interact with the LG ThinQ smartphone app when connected to the same local network. Even though it is only intended for LAN access, the service has instead been exposed to the internet. Hackers could potentially bypass the PIN code usually required to (locally) authorize access and create a privileged user profile.
This vulnerability is tracked as CVE-2023-6317, and it opens up the possibility of taking advantage of further vulnerabilities, which were discovered back in November 2023. These have also been addressed by the new security update.
