Tens of thousands of LG Electronics TVs running WebOS including their premium OLED models, have been exposed by researchers as being vulnerable to hack attacks with home networks potentially exposed for over four years.
If you have an LG Electronics TV running WebOS and it’s connected to your home Wi Fi network, you could have already been exposed to cyber security problems, and malware after security experts found several major problems with the Companies WebOS TVs and appliance operating system.
This is the same South Korean Company that is trying to become a major media player, by selling advertising via their vulnerable OLED WebOS TVs with the problem having been in existence for several years before being discovered.
Recently researchers discovered a new vulnerability, which lets an attacker bypass the authorisation mechanism in WebOS versions 4 through to 7 which are now installed on thousands of LG Electronics TV’s in Australia.
More alarming is that LG Electronics, has known of the problem have made no attempts to alert owners of their TV’s or the media to the existence of the problem in Australia.
A visit to LG Electronics web site in Australia reveals that there is no mention of the problems associated with buying a WebOS powered TV neither is there any advice for consumers who own an LG TV running WebOS.
Also affected are third party TV’s running the WebOS software as their Smart TV interface with several brands now affected by the problem.
What’s been discovered is that by simply changing or setting a variable in the WebOS code an attacker can add an extra user to a WebOS TV.
The vulnerability then allows hackers to elevate their original access and fully take over a device according to Bitdefender.
Another vulnerability discovered by researchers allows the manipulation of content and music on the WebOS device with hackers able to enter their own code and authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API.
Described as a severe security vulnerability, the problem is so bad that once a hacker has got into your TV it essentially belongs to them.
The next issue is that the weakness of the LG device running WebOs has opened up home networks with hackers able to spy on you while also taking over your streaming service algorithms.
Bitdefender Labs researcher Alexandru Lazăr was the person who identified the four vulnerabilities that affect WebOS devices.
According to recent reports tens of thousands of LG Electronics TV’s are affected by the vulnerability and can be taken over by attackers. These hackers also get access to a home network including PC’s and security systems as well as home automation networks that an LG TV is connected to.
The vulnerable LG TVs are running webOS 4.9.7 – 5.30.40 from 2019, webOS 5.5.0 – 04.50.51 running from 2020, webOS 6.3.3-442 – 03.36.50 running from 2021, and webOS 7.3.1-43- 03.33.85 running from 2022.
Researchers claim that’s range of TVs typically use the same chip and version of webOS, so it’s possible that many additional models could be affected.
We are still awaiting answers from LG Electronics management in Australia.
