Security flaw found in thousands of LG TVs, but this new update will stop hackers
Is your LG TV one of the vulnerable models?
Multiple vulnerabilities have been spotted in a number of LG smart TVs, including some popular OLED models from the past few years. Luckily, a patch is being rolled out on April 10th to address the issues. These security flaws could affect as many as 91,000 units. As long as your device is internet-connected, hackers have the potential to gain root access.
One outlet reporting on this is Ars Technica, referencing the security firm Bitdefender, which was the first to release a public report on the issue. If hackers were to gain root access to the device, they’d be able to inject commands at the OS level, with the potential to install malicious apps or gain access to paid accounts.
Which LG TVs are affected? And where to update
Reports show that four LG TV models are affected, with a reported 88,000 internet-connected units showing up on the Shodan search engine. The majority of devices are located in South Korea, Hong Kong, the US, Sweden, and Finland. The affected models are as follows:
- LG43UM7000PLA on webOS 4.9.7 – 5.30.40
- OLED55CXPUA on webOS 5.5.0 – 04.50.51
- OLED48C1PUB on webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50
- OLED55A23LA on webOS 7.3.1-43 (mullet-mebin) – 03.33.85
As you can see above, a few popular OLED models such as the CX, C1, and A2 are included. If you have one of the models above running webOS, an update to address these security flaws should be available to you via the settings menu.
How do hackers gain access?
This vulnerability is related to webOS, LG’s operating system for its smart TVs. Bitdefender's report gives a more technical look at the security side of things, but vulnerabilities have been found in a service designed to interact with the LG ThinQ smartphone app when connected to the same local network. Even though it is only intended for LAN access, the service has instead been exposed to the internet. Hackers could potentially bypass the PIN code usually required to (locally) authorize access and create a privileged user profile.
This vulnerability is tracked as CVE-2023-6317, and it opens up the possibility of taking advantage of further vulnerabilities, which were discovered back in November 2023. These too have been addressed by the new security update.
- CVE-2023-6318 – allows attackers to gain root access
- CVE-2023-6319 – allows attackers to inject OS commands
- CVE-2023-6320 – allows attackers to inject authenticated commands