Report highlights serious security flaws in LG smart TVs

The company ISH Tecnologia issued a new technical report, where he identified a series of security flaws in smart televisions from South Korean LG.

According to the text, the flaws are varied, but they all allow a potential attacker to bypass the authorization measures for smart TVs equipped with the WebOS operating system, establishing a user profile with elevated privileges, being able to access and change the device’s primary settings. .

WebOS is the “bridge” that connects the television to the internet or installing and accessing social networking and streaming applications. That’s where the risk lies: with a high privilege profile, an attacker could open these applications and access personal informationsuch as access credentials or credit card numbers.

According to the ISH Tecnologia bulletin, the flaws are so notable that they were found by Shodan, a type of search engine specialized in finding connected devices with open access to the internet. Needless to say, security researchers and hackers make extensive use of the site to identify flaws of this type – although with different objectives.

In this case, the company speaks of 87 thousand devices displayed nationally and internationally: in Brazil, “open” televisions were identified in cities such as São Paulo, Osasco, Rio de Janeiro, Belo Horizonte and Brasília. Abroad, nations such as South Korea, Hong Kong, the United States, Sweden, Finland and Latvia are on the list.

ISH Tecnologia was able to summarize the presence of the flaw in four versions of WebOS.

Contrary to what is seen on smartphones, tablets and personal computers – where practices such as “two-factor authentication” tend to be the main security tip – smart TVs do not always have this possibility as their interfaces are designed for quick access .

Still, there are certain precautions you should take in order to avoid problems:

Furthermore, if your TV is in a public environment, consider using padlocks, enclosures and other physical measures to store it. Also keep an eye out for strange behavior – apps that open on their own or previously non-existent slowdowns. And always keep an eye out for social engineering scams like phishing or calls from strange numbers, and never give your information to anyone before confirming that the person is who they say they are.

There is still no information that LG has released any updates to correct the problems, but it is likely that the company has already been notified by researchers.