Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

The disclosure of multiple security vulnerabilities in LG webOS, as reported by Bitdefender, underscores the critical importance of addressing cybersecurity risks associated with smart television platforms. Discovered in November 2023 and subsequently reported, these vulnerabilities could have potentially allowed threat actors to bypass authorization mechanisms and gain root access to affected devices.

The vulnerabilities, tracked from CVE-2023-6317 through CVE-2023-6320, pose a significant risk to users of LG smart televisions running specific versions of webOS. These include versions 4.9.7 to 5.30.40 on LG43UM7000PLA, versions 5.5.0 to 04.50.51 on OLED55CXPUA, versions 6.3.3-442 (kisscurl-kinglake) to 03.36.50 on OLED48C1PUB, and versions 7.3.1-43 (mullet-mebin) to 03.33.85 on OLED55A23LA.

webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA

webOS 5.5.0 - 04.50.51 running on OLED55CXPUA

webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB

webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

To mitigate these vulnerabilities, LG promptly released updates on March 22, 2024, addressing the identified security flaws. It is imperative for users of LG smart televisions to ensure that their devices are promptly updated to the latest firmware versions to mitigate the risk of exploitation.

This incident underscores the ongoing need for proactive cybersecurity measures in the rapidly evolving landscape of smart devices and Internet of Things (IoT) technologies. Timely detection, disclosure, and remediation of security vulnerabilities are essential to safeguarding the privacy and security of users' personal data and devices in an increasingly interconnected world.

The revelation by Bitdefender that over 91,000 devices exposing the vulnerable service to the internet, despite it being intended for LAN access only, highlights a concerning trend in cybersecurity. Despite the service's intended restriction to local network access, the widespread exposure of these devices poses a significant risk, potentially enabling unauthorized access and exploitation by threat actors. The geographical distribution of these exposed devices, with a majority located in South Korea, Hong Kong, the U.S., Sweden, Finland, and Latvia, underscores the global nature of the issue. This widespread presence emphasizes the urgent need for heightened awareness and proactive measures to address security vulnerabilities in Internet-connected devices. The findings serve as a stark reminder of the importance of robust cybersecurity practices, including proper network segmentation, access controls, and regular security updates, to mitigate the risk of unauthorized access and protect sensitive information from exploitation by malicious actors. As the number of Internet-connected devices continues to proliferate, ensuring the security and privacy of these devices remains a paramount concern for both consumers and manufacturers alike.