Dangerous security issues found in millions of smart TVs

November 12, 2020

By Kim Komando

Smart TVs are computers just like your phone and laptop, and they’re vulnerable to the same kind of threats. If security holes exist in a smart TV model, it’s only a matter of time before hackers find a way to break in and control it.

Last year, the FBI warned that hackers could use unsecured smart TVs as a backdoor into your network. Tap or click here to see how to keep your TV safe.

In 2020, the risks are even more obvious. One of the most popular smart TV brands has a critical flaw in its operating system that gives a hacker full access to the system’s back end. All they need to know is the TV’s IP address.

White-hat hacker finds a critical flaw in TCL smart TVs

Millions of TCL Android smart TVs are at risk for hacking thanks to a flaw found by a security researcher from Sick.Codes.

The flaw involves open networking ports in the smart TV’s back-end, which hackers can scan to gain access without you knowing. If a hacker scans the ports, they can learn the TV’s IP addresses and see its hidden files with an ordinary web browser.

Tap or click here to see how to test your firewall and protect your home network.

After testing different IP addresses, the researcher came upon http://10.0.0.117:7989/sdcard. This page let him see critical system files stored on the TV’s memory card, and none of them had any form of protection.

With enough time, a hacker could rewrite code on the smart TV, inject malicious files or disable it altogether. The researcher forwarded his findings to TCL, and it took 13 days for the company to get back to him.

TCL responded and claimed to have fixed the issue, but the researcher decided to dig even further. He found that while TCL did alter some of the TV’s most critical files, all of them could still be edited by any user with access to the file system.

TCL is the world’s third-largest TV manufacturer. Millions of the company’s smart TVs could be at risk for hacking or intrusion with no way to protect against it. There is no word whether or not a new security update will be released for the bug.

I have a TCL smart TV. What should I do?

Although TCL says the issue is fixed, there are still significant risks for the devices in the back end. If you had planned on buying a new smart TV, you might want to pick a brand other than TCL.

If you already have a TCL TV, your goal should be to reduce the risk of getting hacked. The FBI has several suggestions you can use to protect your smart TV from harm:

• Search the web for your TV’s model number and the words “microphone,” “camera” and “privacy.” Check all the settings and options you have for these features.
• Avoid relying on your TV’s default security settings. Change passwords if you can — and find out how to turn off the microphones, cameras and data collection if possible. Tap or click here to see how to stop your smart TV from snooping on you.
• If your smart TV comes with a camera lens, cover it up with a piece of black tape.
• Check if the device can be updated. Update to the latest software.

If you think you’ve been the victim of cyber fraud or a hack, report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.

We can’t rely on device-makers to protect us from cybercriminals. Unless we take steps to secure our devices, hackers will continue to poke holes in them.

Tap or click here to see the best ways to secure your new devices against cybercriminals.