From 51678fcf342aae786d6adbb281796daf802e93c5 Mon Sep 17 00:00:00 2001 From: Piotr Dobrowolski Date: Sat, 1 May 2021 09:14:53 +0200 Subject: [PATCH] Update README --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index d2a38ee..e690319 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,13 @@ considered a security issue in most browsers for a while now - navigation to `data:` base64-encoded URI. This makes our browser no longer consider the origin being secure, and we can again access the plain-http WebSocket server. +#### Mitigation note + +An observant reader may have noticed that the service we use is meant to be used +remotely. While the connection itself needs a confirmation using a remote **we +highly recommend to disable LG Connect Apps functionality** in order to prevent +remote exploitation, or at least to keep the TV on a separate network. + ### Step #1 - Social login escape (stage1.html) Having some initial programmatic control of the TV via SSAP we can execute any
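Review bot: In the added "Mitigation note" paragraph, the sentence "While the connection itself needs a confirmation using a remote **we highly recommend to disable LG Connect Apps functionality**" is missing a comma after "remote", so the caveat runs straight into the recommendation. "A remote" would also be clearer as "the TV remote control", since the same paragraph uses "remotely" and "remote exploitation" in the network sense. Suggested wording: "While the connection itself needs to be confirmed using the TV remote control, **we highly recommend disabling LG Connect Apps functionality** in order to prevent remote exploitation, or at least keeping the TV on a separate network." The note also does not say where this setting is found on the TV, so consider adding the settings path so readers can act on it. Finally, the confirmation prompt is presented as the only barrier without saying why it is not sufficient on its own. One sentence explaining that would make the recommendation easier to justify.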