[ad_1]
Android-based TCL smart TVs have a security problem, two security researchers say.
A three-month investigation by security researcher “Sick Codes” and Shutterstock application security engineer John Jackson discovered that it is possible to access a TCL Smart TV file system over Wi-Fi via a undocumented TCP / IP port, and then collect, delete, or overwrite files without needing a password or security clearance. The issue does not affect Roku-based TCL TVs.
A TCL TV app, known as Terminal Manager Remote, is a “Chinese backdoor,” Sick Codes said in an interview with Tom’s Guide, although he is not sure whether he is sending or receiving information. Sick Codes and Jackson provided the site with a URL that granted the writer access to a TCL smart TV in Zambia, where they were able to browse the TV’s directories until, presumably, the user turned off the apparatus.
The researchers tried to alert TCL to their findings, but received no response. A TCL support worker told Sick Codes that she had “no contact information. [for] security team, and they didn’t even think / even know if TCL had a security team. “They also contacted the US Computer Emergency Response Team (US-CERT), which took a while to respond, but ultimately told the pair to reveal the flaw if they didn’t receive any. response from TCL.
Eventually, the issue was resolved on Sick Codes TV with a “silent patch”. TCL “basically hooked up to my television and shut down the port,” he told The Security Ledger. This fix did not apply to all TCL models, however, and as Sick Codes points out, this “backdoor” means the company may as well have full access to mainstream models.
TCL has yet to comment publicly on the issue.
Further reading
TV Reviews
Top TV Choices
[ad_2]
Source link