1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • LG TVs could be hacked to let criminals spy on you and that's no

    From TechnologyDaily@1337:1/100 to All on Wed Apr 10 20:00:06 2024
    LG TVs could be hacked to let criminals spy on you and that's not all

    Date:
    Wed, 10 Apr 2024 19:53:53 +0000

    Description:
    Hackers could take over your LG TV and buy every episode of that show you
    hate but there is a fix.

    FULL STORY ======================================================================

    Your LG TV could be the biggest security vulnerability in your home or your office, new research from Bitdefender has found.

    The LG WebOS TV operating systems versions 4 through 7 are seemingly riddled with security vulnerabilities that allow hackers to add themselves as a user, take over the device and exploit command injection vulnerabilities to their hearts delight.

    Over 91,000 devices are exposed via their internet connection, despite the vulnerable services intended use being LAN access only. Triple escalation of vulnerabilities

    The first vulnerability, tracked as CVE-2023-6317 , allows the hacker to
    skirt around the TVs authorization mechanisms and by changing a single variable, add themselves as a user on the TV. Next, by abusing the vulnerability tracked as CVE-2023-6318 , the hacker can give themselves total access to the device paving the way for command injection.

    By abusing two more vulnerabilities, tracked as CVE-2023-6319 and CVE-2023-6320 , the hacker can either manipulate a music lyrics library to allow OS command injection, or the attacker can manipulate a specific API endpoint to inject authenticated commands.

    The vulnerable device models are: LG43UM7000PLA running webOS 4.9.7 - 5.30.40 OLED55CXPUA running webOS 5.5.0 - 04.50.51 OLED48C1PUB running webOS
    6.3.3-442 (kisscurl-kinglake) - 03.36.50 OLED55A23LA running webOS 7.3.1-43 (mullet-mebin) - 03.33.85

    A patch was released to address these vulnerabilities on March 22, being made available for the above models from April 10, so it is worth checking the OS system version of vulnerable LG TV devices to ensure the patch has been installed. More from TechRadar Pro Bitdefender now has identity protection
    for Gmail and Outlook Here is our guide to the best malware removal tools Hyper-secure credential sharing is here - Keeper Security introduces time-limited access and self-destructing records




    ======================================================================
    Link to news story: https://www.techradar.com/pro/lg-tvs-could-be-hacked-to-let-criminals-spy-on-y ou-experts-warn


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)