TCL smart TVs running Android Tv allegedly have a huge security hole(s) which might have been designed to spy on users around the world, new research has concluded.
Smart TVs, just like your phone and laptop are vulnerable to security threats. If security holes exist in a smart TV model, it’s only a matter of time before malicious people use them to harvest your data.
According to Tom’s Guide, two researchers said they had discovered that they could access the entire filesystem of a TCL smart TV over a Wi-Fi connection using an undocumented TCP/IP port. They found that they could also overwrite files on the TV.
“I can wholeheartedly say that there were multiple moments that I, and another security researcher that I met along the way, couldn’t believe what was happening,” wrote a researcher calling himself “Sick Codes” in a blog post earlier this week. “On multiple occasions I found myself feeling as though, ‘you couldn’t even make this up.”
All of this could be done without entering a username, a password or any kind of authorization at all. The flaw involves open networking ports in the smart TV’s back-end, which hackers can scan to gain access without you knowing. If a hacker scans the ports, they can learn the TV’s IP addresses and see its hidden files with an ordinary web browser.
After testing different IP addresses, the researcher came upon http://10.0.0.117:7989/sdcard, a page which let him see critical system files stored on the TV’s internal memory and none of which had any form of protection.
With this information, a hacker could rewrite code on the smart TV, inject malicious files or disable it altogether. The researcher forwarded his findings to TCL who did not respond until 13 days later saying they had fixed the backdoor.
The researcher decided to dig even further. Here he found that while TCL did alter some of the TV’s most critical files, all of them could still be edited by any user with access to the file system.
TCL is the world’s third-largest TV manufacturer which means the company releases millions of smart TVs to the world, all of which are at risk of being hacked with no way to protect against it.
There are still significant risks in buying a TCL device now. If you had planned on buying a new smart TV, you might want to pick a brand other than TCL.