Home > News

LG quietly fixes vulnerability in thousands of their TVs which could give access to hackers

Another thing to worry about with smart TVs
Last Updated on April 11, 2024
LG quietly fixes vulnerability in thousands of their TVs which could-give access to hackers
PC Guide is reader-supported. When you buy through links on our site, we may earn an affiliate commission. Read More
You can trust PC Guide: Our team of experts use a combination of independent consumer research, in-depth testing where appropriate - which will be flagged as such, and market analysis when recommending products, software and services. Find out how we test here.

LG is obviously well known for their wide range of televisions, whether that be while boasting some of the best OLED TVs on the market, or a more budget-friendly alternative. Either way, it’s never good news to hear about security vulnerabilities in tech, but it is something to think about. One flaw in the LG’s webOS platform could end up giving hackers root access to your device, but luckily the issue has been resolved as long as you get the update.

Researchers from cybersecurity firm Bitdefender released a report on the issue, detailing a problem related to the LG ThinkQ smartphone app when providing access to your TV. This was found to be the case in several webOS versions, 4 through 7, reportedly affecting as many as 91,000 internet-connected devices.

Multiple LG TVs were affected by this vulnerability

The security flaw had been spotted on multiple devices running on particularly vulnerable versions of webOS, which are listed as follows on the Bitdefender report:

  • webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA
  • webOS 5.5.0 – 04.50.51 running on OLED55CXPUA
  • webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB
  • webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA

In terms of how hackers could gain access to your device, we can try and put it simply. A service designed to interact with the ThinkQ app when connected to your local network was instead unintendedly exposed online, as evident from the Shodan search engine which keeps track of internet-connected devices such as LG’s smart TVs. Hackers could potentially bypass the PIN used to authorize access through the app, creating a new user profile with privileges. This was tracked as CVE-2023-6317.

LG provides update to fix security flaw

The good news for users is that LG has indeed fixed the issue, as Ars Technica reports. This was understandably done in conjunction with the announcement of the report from Bitdefender. If not automatically updated, an update should be available through your TV’s settings menu and was made available on April 10th.

If this vulnerability went unnoticed, it could have gotten much worse as the hacker could gain root access and the possibility to install malicious hardware via a number of other vulnerabilities, which have also since been fixed.

At PC Guide, Jack is mostly responsible for reporting on hardware deals. He also specializes in monitors, TVs, and headsets and can be found putting his findings together in a review or best-of guide.