SoylentNews

takyon [soylentnews.org] writes:

Major Security Flaws in TCL Android Smart TVs May Have Opened Chinese Backdoor, Researchers Say [ibtimes.sg]

Security vulnerabilities exist on all devices that can be connected to the internet. Some mitigate the risks by patching any security holes that exist while others are not very quick. That eventually leads to hackers compromising the system. Similarly, smart televisions too can be hacked and at the moment TCL smart TVs running the Android TV operating system seem to be vulnerable with backdoors, affecting millions of users.

Two cybersecurity researchers dug deep into the world of smart TVs to study the cybersecurity infrastructure and were stunned by TCL's lackluster security flaws. Sick Codes, a white-hat hacker and John Jackson, an application security engineer at Shutterstock, a photo-licensing company found that TCL smart TVs' entire file system could be accessed over Wi-Fi through undocumented TCP/IP port. Besides that, the files could also be overwritten without any authentication (no username and password needed).

"I can wholeheartedly say that there were multiple moments that I, and another security researcher that I met along the way, couldn't believe what was happening. On multiple occasions I found myself feeling as though, you couldn't even make this up," Sick Codes wrote in a blog post [sick.codes].

Suddenly that $150 4K TV doesn't seem like such a great deal.

TCL Technology [wikipedia.org].

Also at The Security Ledger [securityledger.com] and Hot Hardware [hothardware.com].

Original Submission