How to hack a LG Smart TV via vulnerabilities in LG WebOS?
Cybersecurity firm Bitdefender has uncovered critical vulnerabilities in LG's WebOS, the operating system for many LG smart TVs, affecting versions 4 through 7. These vulnerabilities could allow unauthorized access and control over the devices, posing risks of data breaches. Over 91,000 devices were found to be exposed to the internet, despite the service being intended for LAN access only.

The vulnerabilities include an authorization mechanism bypass (CVE-2023-6317), root access elevation (CVE-2023-6318), operating system command injection via a music lyrics display library (CVE-2023-6319), and authenticated command injection through an API endpoint (CVE-2023-6320). These vulnerabilities could enable attackers to bypass user authentication, gain root access, execute arbitrary commands, and alter network configurations.

Affected WebOS versions and models include 4.9.7 (LG43UM7000PLA) and 7.3.1-43 (OLED55A23LA) with specific vulnerabilities, while versions 5.5.0 (OLED55CXPUA) and 6.3.3-442 (OLED48C1PUB) are susceptible to all identified vulnerabilities.

Mitigation measures for LG include releasing patches, ensuring devices receive updates automatically, reviewing API endpoints, and implementing a secure software development lifecycle. Users are advised to apply updates promptly, restart devices after updates, segment IoT devices on separate networks, and monitor network traffic for unusual activities.

CVEs: CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, CVE-2023-6320

[View Article](https://www.securitynewspaper.com/2024/04/09/how-to-hack-a-lg-smart-tv-via-vulnerabilities-in-lg-webos/)