Home » PC Tech & Gaming News » Security flaw found in thousands of LG TVs, but this new update will stop hackers

Security flaw found in thousands of LG TVs, but this new update will stop hackers

Is your LG TV one of the vulnerable models?

Updated: Apr 10, 2024 11:16 am
Jack Goodall
Jack Goodall
PC Tech & Gaming News
Security flaw found in thousands of LG TVs, but this new update will stop hackers

WeJiJ is reader-supported. When you buy through links on our site, we may earn an affiliate commission. Prices subject to change. Learn more

Multiple vulnerabilities have been spotted in a number of LG smart TVs, including some popular OLED models from the past few years. Luckily, a patch is being rolled out on April 10th to address the issues. These security flaws could affect as many as 91,000 units – as long as your device is internet-connected, hackers have the potential to gain root access.

One outlet reporting on this is Ars Technica, referencing the security firm Bitdefender which were the first to release a public report on the issue. If hackers were to gain root access to the device, they’d be able to inject commands at the OS level, with the potential to install malicious apps or gain access to paid accounts.

Which LG TVs are affected? And where to update

Reports show that four LG TVs are affected, with a reported 88,000 internet-connected units displaying on the Shodan search engine. The majority of devices are located in South Korea, Hong Kong, the US, Sweden, and Finland. These models are as follows:

  • LG43UM7000PLA on webOS 4.9.7 – 5.30.40
  • OLED55CXPUA on webOS 5.5.0 – 04.50.51
  • OLED48C1PUB on webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50
  • OLED55A23LA on webOS 7.3.1-43 (mullet-mebin) – 03.33.85

As you can see above, a few popular OLED models such as the CX, C1, and A2 are included. If you have one of these models above running on webOS, an update to address these security flaws should be available to you via the settings menu.

How do hackers gain access?

This vulnerability is related to webOS, LG’s operating system for their smart TVs. Bitdefender can give you a more technical look at the security side of things, but vulnerabilities have been found in a service designed to interact with the LG ThinkQ smartphone app when connected to the same local network. Even though it is only intended for LAN access, the service has instead been exposed to the internet. Hackers could potentially bypass the PIN code usually required to (locally) authorize access and create a privileged user profile.

CVE track this vulnerability as CVE-2023-6317, and it opens up the possibility to take advantage of further vulnerabilities, which were discovered back in November 2023. These have too been addressed by the new security update.

Jack Goodall

Jack Goodall

As a Junior Staff Writer, Jack is involved in writing and maintaining a bunch of hardware guides & reviews. With an interest in PC gaming, he now focuses on writing about monitors, headsets, and more.

Trusted Source

WeJiJ’s mission is to be the most trusted site in tech. Our editorial content is 100% independent and we put every product we review through a rigorous testing process before telling you exactly what we think. We won’t recommend anything we wouldn’t use ourselves. Read more

Where to buy and pre order LG UltraGear 32GS95UE

Where to buy LG UltraGear 32GS95UE – confirmed & expected retailers

Jack Goodall
How to activate Office 2021 Keycense

How to activate Office 2021 and harness its full potential

Aaron Ritchie
The Ultimate Video Editing Workflow

The Ultimate Video Editing Workflow

WeJiJ Staff
ASUS AMD Cashback Rate My Gear campaign

Save up to £110 on GPUs this March with ASUS AMD Cashback & Rate My Gear campaigns

WeJiJ Staff
Join the community!