Is your TV watching YOU? Critical flaw discovered in thousands of LG Smart TVs — act now to stop hackers

a warning triangle sticker is pictured peeling off a wall with a picture of an LG Smart TV running WebOS superimposed infront of it

LG TV viewers need to dive into the Settings menu to trigger the latest software update, or risk a dangerous hack from cyber criminals

UNSPLASH - MARKUS SPISKE | LG PRESS OFFICE
Aaron Brown

By Aaron Brown


Published: 13/04/2024

- 05:30

Ignoring the latest WebOS update could be diastrous

  • Thousands of LG TVs are susceptible to four software flaws
  • Critical bug discovered in WebOS 4.0 through to 7.0
  • LG has issued an update to fix the loophole
  • If you don't have automatic updates enabled, you'll need to take action

LG TV owners need to take action now to close a handful of flaws discovered in the software. Left untreated, these bugs could allow hackers to gain access to the television — or other devices on the same Wi-Fi network.


Security researcher Alexandru Lazăr unearthed the four vulnerabilities within WebOS, the software developed by LG that powers its Smart TVs. Attackers can use this loophole to bypass the usual authorisation process and gain root access to internet-connected TVs from anywhere in the world.

Once inside, your LG Smart TV becomes the hacker's LG Smart TV.

lg smart tv mounted on the wall with a man sitting on the sofa pointing the remote at the screen

LG TV owners should trigger the WebOS update now to prevent hackers from using the flaw to cause chaos with their telly or other devices connected to the same Wi-Fi network

LG PRESS OFFICE

It can be used as a launch pad to gain access to other devices connected to the same Wi-Fi network to spread malware, monitor your activity, or leverage your devices as part of a botnot. If you have an LG Smart TV, it's worth keeping an eye out for unusual network activity, including sudden spikes of activity when you're not home.

Fortunately, there's no indication that hackers can use the bug within WebOS to access the payment information stored with popular streaming services like Netflix, Disney+, or Prime Video on the platform.

Alexandru Lazăr, a researcher for cybersecurity firm Bitdefender, says the flaw exists in WebOS 4.0 through to 7.0, meaning thousands of LG TVs are impacted by the flaw. Before publishing the research, Lazăr informed LG about the issue on November 1, 2023.

LG issued a software fix for all four flaws in WebOS on March 22, paving the way for Alexandru Lazăr to publish the findings. If you haven't updated the software on your telly for some time, this is definitely one patch that you really don't want to miss.

If you want to check that your LG TV is running the latest version of WebOS, follow the steps below:

  1. Use your remote to navigate to Settings > All Settings > Support
  2. Tap on Software Update
  3. Select Check for Updates to search for a new version of WebOS
  4. If an update is available, you'll see the button change to Download and Install
  5. And that's it — you'll be running the new WebOS update

To avoid a similar issue in future, you can dive back into Settings > All Settings > Support > Software Update, and then toggle Auto Update to "On". With this enabled, your LG TV will download new versions of WebOS in the background and install the software when you're not using the telly.

LATEST DEVELOPMENTS

It's been a rough few months for online security, with the largest database of leaked login details published on the Dark Web just a few weeks ago. Dubbed the "mother of all breaches", the troubling dataset contains passwords for millions of Twitter, LinkedIn, Telegram, and Dropbox accounts.

You may like