Major security flaw found in TCL Android TV’s, tech researchers say

Security flaw in TCL's Android TV's, tech experts say

CINCINNATI (FOX19) - Holiday shoppers looking to buy a smart TV may want to do some extra research before buying.

The technology company, TCL, says that independent tech researchers Sick.Codes and Shuttershock Application Security Engineer John Jackson reported finding a backdoor security flaw with TCL’s Android TV’s.

A publication called Digital Information World says the flaw could allow an intruder to collect information from the file system, delete files, or rewrite files without a password.

“It would allow hackers to essentially upload new software to the TV which could make it potentially do anything that any computerized device connected to your network could do,” FOX19 NOW’s tech expert Dave Hatter said.

In a statement TCL released, it reads:

“TCL was recently notified by an independent security researcher of two vulnerabilities in Android TV models. Once TCL received notification, the company quickly took steps to investigate, thoroughly test, develop patches, and implement a plan to send updates to resolve the matter. Updating devices and applications to enhance security is a regular occurrence in the technology industry, and these updates should be distributed to all affected Android TV models in the coming days.

TCL takes privacy and security very seriously, and particularly appreciates the vital role that independent researchers play in the technology ecosystem. We wish to thank the security researchers for bringing this matter to our attention as we work to advance the user experience. We are committed to bringing consumers secure and robust products, and we’re confident that we’re putting in place effective solutions for these devices.”

Sick.codes stated on their page, “The TV that I conducted preliminary tests on was silently patched. No update warning was sent.”

Our tech expert says that should raise some red flags.

“Normally when you update software, it will show a new version number. They didn’t update anything. So, they just sort of silently got into your TV remotely and fixed it for you,” Hatter said.

NOTE: This security flaw only impacts TCL Android TVs and not its line of Roku TVs

See a spelling or grammar error in our story? Click here to report it. Please include title of story.

Copyright 2020 WXIX. All rights reserved.