December 26, 2024

MediaBizNet

Complete Australian News World

Thousands of LG TVs are exposed to the world.  Here's how to make sure your device isn't.

Thousands of LG TVs are exposed to the world. Here's how to make sure your device isn't.

Thousands of LG TVs are exposed to the world.  Here's how to make sure your device isn't.

Getty Images

As many as 91,000 LG TVs are at risk of being seized unless they receive a just-released security update to fix four critical vulnerabilities discovered late last year.

The vulnerabilities were found in four LG TV models that collectively have just over 88,000 units worldwide. according to Results returned by Shodan search engine for Internet-connected devices. The vast majority of these units are located in South Korea, followed by Hong Kong, the United States, Sweden and Finland. The models are:

  • LG43UM7000PLA running webOS 4.9.7 – 5.30.40
  • OLED55CXPUA running webOS 5.5.0 – 04.50.51
  • OLED48C1PUB running webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50
  • OLED55A23LA running webOS 7.3.1-43 (multiple) – 03.33.85

As of Wednesday, updates are available through the settings menu for these devices.

Got root?

According to Bitdefender – the security company that discovered the vulnerabilities – malicious hackers can exploit them to gain root access into devices and inject commands that work at the operating system level. The vulnerabilities, which affect internal services that allow users to control their devices using their phones, allow attackers to bypass authentication procedures designed to ensure that only authorized devices can benefit from the capabilities.

“These vulnerabilities allow us to gain root access on the TV after bypassing the authorization mechanism,” researchers at Bitdefender said Tuesday wrote. “Although the vulnerable service is intended for LAN access only, Shodan, a search engine for Internet-connected devices, identified more than 91,000 devices that expose this service to the Internet.”

The main vulnerability that makes these threats possible lies in a service that allows TVs to be controlled using LG's ThinkQ smartphone app when they are connected to the same local network. The service was designed to require the user to enter a PIN to prove authorization, but a bug occurred that allowed someone to skip this verification step and become a premium user. This vulnerability is tracked as: CVE-2023-6317.

Once attackers have this level of control, they can continue to exploit three other vulnerabilities, specifically:

  • CVE-2023-6318allowing attackers to leverage their root access
  • CVE-2023-6319which allows operating system commands to be entered by manipulating a library to display music lyrics
  • CVE-2023-6320which allows an attacker to inject authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress application interface.
yowamushi pedal hentai xyzhentai.com marron marron hentai 9 hentai savehentai.info hroz hentaifox بينيك مرات ابوه arabicpornmovies.com نيك غصب love chunibyo and other delusions hentai hentaiquality.com anime porn' imbestigador july 2 2022 pinoyfilms.net live kumu www indian anti sex com alohaporn.me indian mms clips www.brazzer hd videos rajwap.biz vitya sipsons hentai hentairips.com hrntai comic giantess anime hentai hentaiceleb.com elf no yomeiri answer to 4 pics 1 word teleseryestv.com taiwan lotto result 6/49 الراقصة كاميليا سكس luksporno.net افلام سكس ايطالي аска хентай hentaimage.net mercy hentia hot tv actress indian mochito.mobi wwe girls fight hot boobs massage pornoguru.info human digest.com جنس شرجى rjvend.com سكس الراقصة شمس