Smart TVs are the center of digital entertainment. They are the connectivity nexus for smart devices, services, and components. Recently, LG finds itself at the center of a cybersecurity storm as vulnerabilities in their popular TVs pose a serious threat to users.
A significant security concern has emerged for LG TV owners, with nearly 91,000 units globally at risk of unauthorized takeover. These vulnerabilities, identified in four LG TV models, were discovered late last year and prompted the release of a crucial security patch(es).
What’s Happening & Why This Matters
The affected models are widely used across South Korea, the United States, and several other countries. Affected models span different versions of LG’s webOS platform. The issue was unearthed by Bitdefender, a leading security firm, which found that these vulnerabilities could allow hackers to gain root access to the TVs. With root access, hackers can execute commands at the OS level that bypasses authentication measures.
This breach could potentially let attackers control the TVs remotely which poses significant privacy and security risks to users. The primary vulnerability, tracked as CVE-2023-6317, lies in a service intended for LG’s ThinkQ app; ThinkQ allows TVs to be controlled via smartphones. An error in this service could let an unauthorized user bypass the PIN code verification to gain privileged user status.
Following this initial breach, attackers could exploit additional vulnerabilities to elevate their access further and inject malicious commands. These include CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320, each allowing for different methods of attack such as command injection and manipulation of specific application interfaces. Researchers cannot verify if attached devices (i.e., streaming devices, set-top boxes, gaming consoles) can be affected also.
TF Summary: What’s Next
In response to the vulnerability discovery, starting Wednesday, LG is rolling out updates for the affected models available through the TVs’ settings menu. LG is urging users to apply these updates immediately to protect their devices from potential attacks.
LG”s resolution of the issue shows cybersecurity risks extended to any and all smart devices. This incident highlights the friction between technology advancements and cybersecurity threats. Our homes are more connected than ever. Our reliance on smart devices remains a critical concern. Device manufacturers and users must stay vigilant by prioritizing updates and maintaining robust security practices to safeguard against such vulnerabilities. Security is a moving target — evolving and never stagnant.