Smart TVs bring an unprecedented level of convenience to home entertainment, but they also introduce a whole new world of threats. For instance, this week, Bitdefender uncovered several new vulnerabilities impacting over 91,000 LG TV models running webOS versions 4 through 7. They were able to exploit the vulnerabilities to take over LG TVs.
More specifically, these vulnerabilities Bitdefender found could give hackers the ability to bypass the authorization mechanism in webOS, add an extra user to the TV, elevate their access to root and take over the TV, and inject authenticated commands.
Here are all of the LG TV webOS versions currently vulnerable to these attacks:
- webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA
- webOS 5.5.0 – 04.50.51 running on OLED55CXPUA
- webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB
- webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA
As noted by Ars Technica, all of these vulnerabilities stem from the LG ThinQ smartphone app, which can control an LG TV when connected to the same network. A Bitdefender representative told Ars Technica that while “local access is required to exploit the vulnerabilities,” attackers can control the TV remotely once it has been compromised.
If you have any of the LG TV models listed above, you should ensure that you have the latest version of the webOS software. There’s a good chance that your TV will apply the latest update automatically, but if not, check this page on LG’s support site to learn how to update. Depending on which version you have, you will either need to go to Settings > All Settings > Support and select Software Update or Settings > All Settings > General and select About this TV.