LG TVs at risk from hackers spying on users — what to do now

LG C2 OLED TV streaming
(Image credit: Tom's Guide)

If you thought protecting your smartphone and laptop from hackers was bad enough, a new report has revealed the types of vulnerabilities that can be hiding in the background of the best TVs.

According to a new blog post from Bitdefender, many of the best LG TVs running webOS versions 4 through 7 contained a number of vulnerabilities that, if exploited, could allow an attacker to add themselves as a user and gain root access to your TV. From there, they could use command injection to drop dangerous malware, snoop on the traffic coming and going from your TV and even move laterally across your home network.

It’s worth noting that Bitdefender was only able to gain unauthorized access to LG TVs connected via Ethernet. Still, the firm’s security researchers identified over 91,000 TVs with the vulnerable service in question exposed online by using Shodan, a search engine for internet-connected devices. While the majority of the vulnerable LG TVs were located in South Korea, Bitdefender found thousands in the U.S. and in other countries around the world.

Whether you own an LG TV yourself or one of the best smart TVs for streaming, here’s everything you need to know about these vulnerabilities, along with some steps you can take to ensure your TV isn’t taken over by hackers anytime soon.

From adding an extra user to taking over a TV

As it has its own smart home cybersecurity hub, Bitdefender routinely purchases and audits popular IoT hardware for vulnerabilities to help educate both businesses and consumers on the dangers connected devices can pose. This is exactly what the firm did with several LG TV models.

In doing so, its security researchers discovered a vulnerability (tracked as CVE-2023-6317) that an attacker could exploit to add an extra user to an LG TV. Bitdefender found that this new user could be granted elevated privileges by leveraging another flaw (tracked as CVE-2023-6318). According to Bitdefender, the first vulnerability has been confirmed to affect LG TVs running webOS versions 4.9.7, 5.5.0, 6.3.3-442 and 7.3.1-43.

Another vulnerability (tracked as CVE-2023-6319) was also discovered, which allows commands to be injected into webOS by manipulating a library used to show music lyrics. Of the four flaws discovered by Bitdefender’s security researchers, this one is the most concerning since it could be used to drop malware onto a vulnerable LG TV. The final flaw (tracked as CVE-2023-6320) allows an attacker to inject authenticated commands by manipulating an API endpoint.

Fortunately, Bitdefender found all of these flaws before an attacker could in November of last year. The cybersecurity firm then reported them to LG, and the Korean hardware maker proceeded to fix all of them before Bitdefender released its report on the matter.

How to keep your smart TV safe from hackers

How to Update LG TV Software

(Image credit: Tom's Guide)

Just like with the best phones and best laptops, the most important thing you can do to keep your smart TV safe from hackers is to keep it regularly updated. Hackers and other cybercriminals often target devices that aren’t running the latest software, which is why it’s so important to keep your devices updated, even if frequently installing the latest updates and patches can get annoying. If you're having difficulties updating your own TV, here's a guide on how to update LG TV software.

From here, there are a few other things you can do to prevent your TV from falling victim to an attack. For starters, you want to ensure you’re using strong passwords with all of your online accounts. If you have trouble coming up with these on your own, you can always turn to one of the best password managers for help since they all contain password generators. Likewise, there are plenty of free password generators online, but they won’t securely store and autofill your passwords for you.

Since all of the internet traffic coming into your home and leaving your house passes through one of the best Wi-Fi routers, you also want to keep your router up to date too. Newer Wi-Fi routers come with their own apps, which make it very easy to download and install the latest updates. However, if you have an older router, you can always manually update it yourself.

As our TVs are often in the center of our households and now contain plenty of our personal and financial data, they will likely become a target for hackers just like our phones and computers. This is why you need to keep all of your devices updated and secured using strong passwords that you don’t reuse across multiple online accounts.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.