Security researchers found security issues on TCL smart TVs, but the issues do not affect Roku-based televisions.
Shutterstock application security engineer John Jackson and security researcher "Sick Codes" found, after investigating for three months, that it is possible to access the file system of Android-based TCL smart TVs through an undocumented TCP/IP port via Wi-Fi. Hackers can then overwrite, collect, or delete files without the need for a password or any security clearance.
According to PCMag, the researchers have already reached out to the company to advise it of their findings, but have not yet received a reply. Fortunately, the issue does not affect Roku-based TCL TVs.
TCL Smart TV Backdoor security flaw
Jackson and Sick Codes discovered security issues that affect Android-based TCL smart TV models. Sick Codes told Tom's Guide in an interview that the TV app called Terminal Manager Remote serves as a Chinese backdoor, although the researcher is unsure whether the app receives or sends info.
The two researchers provided the URL that gave access to a TCL smart TV in Zambia until the user turned off the device. Nevertheless, they were able to get into the TV's systems and browse its directories.
After the researchers contacted TCL support, an employee said she does not know if TCL has a security team and had no contact information for one. The researchers also contacted the US Computer Emergency Response Team (US-CERT), which assigned the flaws Common Vulnerabilities and Exposures catalog numbers: CVE-2020-27403 and CVE-2020-28055. The agency also told them to make the flaw public if they did not receive any response from the company.
Meanwhile, TCL has not given any public comment on the issue, but it eventually fixed the problem on Sick Codes' TV. Sick Codes told The Security Ledger that TCL logged in to his TV and closed the port. However, this silent patch is not applicable to all TCL models. He also alleged that as a "backdoor," the company may also have full access to customers' TVs.
How to protect your TV from hackers
As TCL is the third-largest TV maker in the world, this flaw could be putting millions of smart TVs at risk of intrusion or hacking, although it is not certain whether a new security update could fix this error.
Even after TCL claims it has fixed the issue, the backdoor flaw still exposed the television units to hacking. Here are some ways to reduce the risk of smart TVs getting hacked, as suggested by the Federal Bureau of Investigation:
- Check for any update to the device's systems. Make sure to update it with the latest software.
- Look up the television's model number along with the words "camera," "microphone," and "privacy." Check all the device settings as well as the options for how to access these features.
- Regularly change passwords and do not rely solely on the default security settings of the TV. Instead, learn how to turn off the cameras, microphones, and data collection.
- If the smart TV has a camera lens, get black tape or anything to cover it up.
Meanwhile, those who suspect they are victims of a cyberattack, hacking, or fraud may reach out to the FBI's Internet Crime Complaint Center and file a report through www.IC3.gov.
Hackers will continue to find ways to get access to consumers' devices and files unless the public becomes vigilant in securing itself.
This is owned by Tech Times
Written by CJ Robles