Published in PC Magazine

Report: Researchers Find ‘Backdoor’ Security Flaw in TCL Smart TVs

Security researchers find worrying issues affecting versions of TCL smart TVs running Android operating systems. The problem does not affect Roku-based TCL TVs.

By Brittany Vincent

Android-based TCL smart TVs have a security problem, according to two security researchers.

A three-month investigation from security researcher “Sick Codes” and Shutterstock application security engineer John Jackson discovered that it’s possible to access a TCL smart TV file system over Wi-Fi via an undocumented TCP/IP port, and then collect, delete, or overwrite files without the need for any sort of password or security clearance. The problem does not affect Roku-based TCL TVs.

One TCL TV app, known as Terminal Manager Remote, is a “Chinese backdoor,” Sick Codes alleged in an interview with Tom’s Guide, though he doesn’t know if it’s sending or receiving info. Sick Codes and Jackson provided the site with a URL that granted the writer access to a TCL smart TV in Zambia, where they were able to browse the TV’s directories until, presumably, the user turned off the unit.

The researchers tried to alert TCL to their findings, but received no reply. A TCL support employee told Sick Codes she had “no contact info [for] the Security team, and didn’t even think/know if TCL had a Security team.” They also contacted the US Computer Emergency Response Team (US-CERT), which took some time to reply but ultimately told the pair to disclose the flaw if they were receiving no response from TCL.

Eventually the problem was fixed on Sick Codes’ TV with a “silent patch.” TCL “basically logged in to my TV and closed the port,” he told The Security Ledger. This patch did not apply to every TCL model, however, and as Sick Codes states, this “backdoor” means the company may as well have full access to consumer models.

TCL has not yet publicly commented on the problem.

Originally published at https://www.pcmag.com.




PC Magazine: redefining technology news and reviews since 1982.
