The bug is still unpatched on LG TVs, whose latest update was released on January 13. The vulnerability has been published on January 14, so LG has not had time to fix it yet. Although the bug has been exploited on a 2019 TV, Buchanan says the bug can be exploited on 2020 and 2021 models. However, these models use newer versions of Chrome as their browser, so an n-day exploit will be needed. different.
In the video that Buchanan has uploaded to his Twitter account, you can see how you can get almost total control of the TV, showing notifications, messages, and even choosing the video you want to play on it.
The vulnerability demolishes all those comments that say that "if you are concerned about your privacy, do not connect the TV to the Internet". Now, it is possible to hack LG TVs without them being connected to the Internet. However, the flaw can be mitigated by disabling HbbTV's autostart feature, although Buchanan says that many other vulnerabilities remain in DVB.
How to Overcome Communication Apprehension https://t.co/3TwkL4ZB9y his video was cached fromHow To DIY Channel ,… https://t.co/1pr2obwmfh
— aysar one athamneh Mon Jun 24 06:36:38 +0000 2019
With this exploit it is possible to root LG TVs. There is a tool called RootMyTV, which makes it easier to exploit the vulnerability to install the Homebrew Channel on a TV after rooting it. Thanks to this, unauthorized and community-created applications can be installed, such as Moonlight to play your PC games remotely (since webOS does not have the Steam Link app), YouTube with enhanced functions, RetroArch to play emulators , and many more to come in the future.
After the vulnerability, they have updated RootMyTV to version 2.0, where, just by entering the rootmy.tv website from an LG television, it is already possible to root it to install applications on it. All current LG models can be rooted with this method, including those updated to version 04.30.57 released this week. Automatic system updates are disabled after rooting in case there is a problem with the updates. In the event that you want to remove the root, you just have to do a Factory Reset of the TV to leave it back to how it was from the factory, so the method is quite safe.
1803