A recent report has unveiled a critical vulnerability within LG’s WebOS versions 4 through 7, potentially impacting a vast range of LG high-definition televisions (HDTVs) and commercial signage monitors. This flaw enables malicious actors to obtain root access to the devices, posing a significant security risk.
The detected susceptibility occurs in models released between 2018 and 2022, with at least 91,000 internet-connected displays potentially at risk. Root access vulnerabilities are particularly concerning as they grant attackers total control over the device, including installed applications, accounts, and any peripheral devices such as web cameras. This could lead to the unauthorized access of sensitive data, such as credit card details and account passwords, as well as private video streams from living spaces or bedrooms.
This specific vulnerability in LG WebOS leverages two out of four critical issues: CVE-2023-6317, to avoid password checks, and CVE-2023-6318, to achieve root-level control. The additional vulnerabilities, CVE-2023-6319 and CVE-2023-6320, allow the injection of OS commands and dbus user commands with root privileges, respectively.
Upon discovering this security vulnerability, Bitdefender responsibly reported the issue to LG to facilitate a timely resolution. LG smart TV and monitor owners should reach out to LG customer support for guidance on updating their operating systems to rectify the vulnerability. For an immediate safeguard, users may want to disconnect their devices from the internet and, if applicable, detach any LG Smart Cam cameras to prevent unauthorized access until the issue is resolved through a patch update.
In an era where smart TVs have become prevalent, this incident serves as a stark reminder of the potential risks involved. Consumers concerned about their privacy and security might want to consider switching to non-smart, or “dumb”, HDTVs which lack internet connectivity and the associated risks.
To ensure the security of personal data and peace of mind, smart TV users are advised to regularly check for operating system updates, maintain robust password practices, and remain informed about potential vulnerabilities affecting their devices. Staying vigilant and responsive to security advisories can greatly mitigate the risks posed by such vulnerabilities.
