NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World

TCL smart TVs may have ‘Chinese backdoor’ — Research

5 years ago
in Cyber-security, Tech-guide, Technology

TCL smart TVs running Android seem to have huge security holes and could even be designed to spy on users around the world, two security researchers say. The issues do not affect TCL sets running Roku software.

“I can wholeheartedly say that there were multiple moments that I, and another security researcher that I met along the way, couldn’t believe what was happening,” wrote a researcher calling himself “Sick Codes” in a blog post earlier this week.

“On multiple occasions I found myself feeling as though, ‘you couldn’t even make this up.’”

Sick Codes and the other researcher, John Jackson, who works at photo-licensing service Shutterstock, discovered that they could access the entire filesystem of a TCL smart TV over a Wi-Fi connection using an undocumented TCP/IP port. They found that they could also overwrite files on the TV.

All of this could be done without entering a username, a password or any kind of authorization at all. The flaws were assigned the Common Vulnerabilities and Exposures catalog numbers CVE-2020-27403 and CVE-2020-28055 after the researchers notified the U.S. Computer Emergency Response Team (US-CERT) at Carnegie Mellon University in Pittsburgh.

The flaws were patched on the TV model that Sick Codes and Jackson were analyzing — more on that below — but apparently not on all TCL smart TV models.

Browsing someone else’s file system on your phone

Tom’s Guide reached out to Sick Codes and Jackson over Twitter, and in the course of the resulting conversation, we were sent a URL that appeared to give full access to the file system of a TCL smart TV in Zambia.

We were able to browse the directories of this random person’s TV through the Chrome browser on our Android phone, until the TV user apparently turned the TV off.

(Sick Codes told us that was one of only a dozen TCL smart TVs worldwide that was directly on the internet; in most cases, you’d have to be on the same local Wi-Fi network to be able to browse the file system.)

“When in the history of your career have you ever needed to serve the entire filesystem over http?” wondered Sick Codes in his blog post.

Tom’s Guide has reached out for comment to the North American division of TCL, which is a Chinese company, and we will update this story when we receive a reply.

Are TCL TVs collecting files from customers?

The pair also found that an app on the TCL TV, called Terminal Manager Remote, had a configuration file listing servers that seemed to be ready to handle files, logs, and screenshots pertaining to user TVs.

“It’s a Chinese backdoor,” Sick Codes told us in a telephone conversation.

The researchers’ blog post had a screenshot of the server list, which was divided into four regions. One was for mainland China, another for the rest of the Asia-Pacific region (including Hong Kong and Taiwan), a third for the Middle East, Africa and Europe, and the fourth for Latin America and North America.

It wasn’t exactly clear whether those servers were meant to send files to TCL TVs, or to receive files from them.

“I don’t have the answer,” wrote Sick Codes in the blog post. “TCL does, however.”

Tom’s Guide tried to access a few of the URLs and was told that “GET” requests — normal requests by web browsers to download files — were not supported. We’ll try to send some “POST” requests to upload files after working hours and will update this story if we discover anything interesting.

Sick Codes also sent us a link to what appeared to be a wide-open web server holding dozens of TCL firmware updates. No authorization was needed to view the files. We did not try to download any, but Sick Codes said it would be possible.

A ‘silent patch’ with worrisome implications

Sick Codes and Jackson said they tried to reach out to TCL using email, Twitter, telephone and direct posting on the TCL website to notify them of the flaws beginning Oct. 16, but it took until Oct. 26 before they got an acknowledgement that the message had been received.

“I called TCL and talked to a support representative,” Sick Codes wrote in the blog post. “I urged her that we had a serious vulnerability on our hands and she stated that she had no contact info to the Security team, and didn’t even think/know if TCL had a Security team.”

On Oct. 29, the problems on their test TV set were suddenly fixed without any notification, alert or request for user authorization.

“This was a totally silent patch,” Sick Codes told The Security Ledger, which first reported this story. “They basically logged in to my TV and closed the port.”

To Sick Codes, this is just as worrisome as the security flaws that got patched on some models (but not the one on which Tom’s Guide could browse the file system).

“This is a full on back door,” he told The Security Ledger. “If they want to, they could switch the TV on or off, turn the camera and mic on or off. They have full access.”

What should I do if I have a TCL smart TV?

If you own a TCL smart TV, first check whether it’s one of the versions running Roku software. Those do not seem to be affected by these flaws.

If it’s not a Roku model, then you’ll want to make sure that your home Wi-Fi network has a very strong password, and that you don’t give visitors the password. Many routers let you set up a separate network for that.

You’ll also want to get into your router’s administrative menu to disable access to devices inside your network from the internet. We’ve got a list of other smart-TV security tips.

Also, be aware that the TV manufacturer may be able to see what you’re watching. That’s not something specific to TCL — many smart TVs, set-top boxes and DVRs keep tabs on what their customers watch.

Tags: Roku Software, Sick codes, TCL smart TV