Posted on November 13, 2020 at 5:09 PM
A security researcher from Sick.Codes found a major flaw in TCL’s Android Smart TVs, which can allow hackers to access the TV and its hidden files.
Smart TVs have been a major trend around the world for years now, as they allow a lot more options and let you have a greater selection of things to watch than regular old TVs. Of course, with these benefits also comes greater responsibility, and greater danger if people do not take certain precautions.
For example, smart TVs are just as complex and advanced as smartphones and computers. And, thanks to their connection to the internet, they are also exposed to the same threats.
The difference is that users protect their PCs, but they often do not do the same when it comes to TVs, and it is only a matter of time before the hackers find a way to access their device.
This is not a new problem, either. The same issue has persisted for years, despite security researchers’ and even the FBI’s warnings about hackers seeking unsecured Smart TVs and attempting to install backdoors into their networks.
The risks have been growing larger and larger each year, and now, a new flaw was discovered that has put millions of TCL Android Smart TVs at risk of hacking.
A new flaw threatens TCL Smart TV owners
The flaw was discovered by a security researcher at Sick.Codes, and it involves open networking ports in Android Smart TV’s back-end. According to the researcher’s report, it is possible for hackers to scan the ports and gain access without the users being aware of it.
Doing so can reveal the TV’s IP address, and with it, the hacker can use an ordinary web browser to access and see hidden files.
The researcher tested numerous IP addresses, which led to the discovery of http://10.0.0.117:7989/sdcard. From this page, the researcher was able to see all critical system files that the TV had stored on its memory card. None of the files were protected in any way.
TCL reported issuing a fix, but the problem persists
After the flaw was reported to TCL, the company claimed that the issue was fixed. However, the researcher wanted to check again, and look even further, which led to another new discovery. Basically, TCL did make some improvements by altering some of the most critical files. However, the researcher was still able to edit any files, provided that they had access to the file system.
Given that the TCL is the third-largest TV maker in the world, and that its Smart TVs are being sold across the globe, that puts millions at risk of being hacked and suffering intrusion and similar consequences.
Meanwhile, these users are unaware of their exposure, and even worse — they have no way of fixing the issue themselves. At this time, it remains unknown whether TCL is even working on a new security update that would permanently fix the bug.
What can be done about it?
Until this problem is taken care of, anyone wishing to buy a new smart TV will likely be better off picking a different brand. As for those who already own a TCL TV, they can take certain steps to reduce the chance of being hacked.
The FBI recommends several methods, such as checking the settings and options for features such as camera, privacy, and microphone. Next, users should not rely on default security settings. That means changing their TV password immediately if possible, and finding out how to turn off data collection, microphone, and camera.
Otherwise, these features could be used to spy on the user and their household. Another option is to simply cover up the camera with black tape. Lastly, users should always remember to update their devices regularly.