Many companies now have large TV sets in conference rooms for events or video conferences. The problem with security gaps in LG WebOS shows that this can unexpectedly introduce vulnerabilities behind the firewall.
The experts at Bitdefender Labs have discovered vulnerabilities in LG WebOS and informed the manufacturer. The gaps, which had already been closed with a push patch from LG, allowed hackers to add new users, gain root access and thus compromise the entire smart home network. Users are encouraged to check whether LG WebOS on their LG TVs is in the updated version as of March 22, 2024.
Root access to the smart home network
The vulnerabilities fixed by LG (CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, CVE-2023-6320) affect the LG WebOS service in various versions from WebOS 4 to WebOS 7. Notable: Although LG WebOS is designed as a local area network (LAN) service, the Shodan tool, which is also used by hackers, can be used to find over 91.000 devices exposed to the Internet. A conservative estimate by security experts therefore puts the total number of affected devices in the almost six-figure range.
On unpatched devices, hackers can bypass authentication in LG WebOS versions 4 to 7 and add themselves as a new user. You can then extend your access rights to root control. Using the vulnerabilities, they infect the attacked network with any type of malware, such as information exfiltration tools or ransomware, under command control. In the CVE-2023-6319 vulnerability, the attacker uses the manipulation of a library that is responsible for displaying song lyrics.
Probably more than 100.000 LG devices affected
Bitdefender Labs recommends that users immediately check whether their LG WebOS is in the latest version on their device. Hackers are increasingly attacking IoT devices because many smart home networks now connect to corporate networks.
More at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de