Dangers of Smart Devices

LG is a well-known brand in the field of electronics, they are a pioneer in creating immaculate displays and cutting-edge IoT devices and incorporating them into daily life to create a seamless smart home experience. On 9th April 2024, a researcher from BitDefender reported that LG’s WebOS versions 4 through 7 that they install on their smart TVs are vulnerable to CVE-2023-6317( bypass authorization and add a new user to the targeted TV), CVE-2023-6318(elevate privileges to root and take full control of the device), 2023-6319( allow arbitrary command injection), and CVE-2023-6320( allow arbitrary command injection). Over 90,000 TVs were affected by this vulnerability. These vulnerabilities were easily discovered through one Shodan search, which shows how weak their WebOS security is.

How smart devices affect are day to day life

Smart Devices have become an integral part of day-to-day life, they closely monitor our health and have all our personal information which they store onboard or save to their cloud, and some can even control house conditions. All these devices are connected to a home network, this network is shared by PCs, phones, NAS, etc. This vulnerability in LG WebOS enables attackers to gain unauthorized access to the TV which later on can be accelerated as a privilege escalation attack, which will help the attacker to take over the network. These kinds of attacks compromise victims’ network integrity as there is an unauthorized user with admin privileges and also hampers confidentiality, as a privileged attacker can easily access NAS or locally hosted servers that may contain various PII.

Security measures that can help minimize the effects

Companies that produce TVs and small IoTs primarily focus on the user experience and omit security practices, which is the main reason for these kinds of vulnerabilities. To mitigate these kinds of attacks, a user can create a separate virtual network one for their personal devices and one for their smart devices. Also, manufacturers should also prioritize security in their development cycle.

Thank you for reading the article !!!☺️

References:

[1] https://www.bleepingcomputer.com/news/security/over-90-000-lg-smart-tvs-may-be-exposed-to-remote-attacks/

[2] https://www.securityweek.com/thousands-of-lg-tvs-possibly-exposed-to-remote-hacking/#:~:text=Many%20LG%20TVs%20may%20be,vulnerabilities%20found%20by%20Bitdefender%20researchers.&text=Researchers%20at%20cybersecurity%20firm%20Bitdefender,electronics%20giant's%20WebOS%20operating%20system.

[3] https://arstechnica.com/security/2024/04/patches-released-for-as-many-as-91000-hackable-lg-tvs-exposed-to-the-internet/

[4] https://securityaffairs.com/161651/hacking/lg-smart-tvs-vulnerable.html