Millions of TCL Android smart TVs have a critical security flaw

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Smart TVs are computers just like your phone and laptop, and they’re vulnerable to the same kind of threats. If security holes exist in a smart TV model, it’s only a matter of time before hackers find a way to break in and control it.

Last year, the FBI warned that hackers could use unsecured smart TVs as a backdoor into your network. Tap or click here to see how to keep your TV safe.

In 2020, the risks are even more obvious. One of the most popular smart TV brands has a critical flaw in its operating system that gives a hacker full access to the system’s back end. All they need to know is the TV’s IP address.

White-hat hacker finds a critical flaw in TCL smart TVs

Millions of TCL Android smart TVs are at risk for hacking thanks to a flaw found by a security researcher from Sick.Codes.

The flaw involves open networking ports in the smart TV’s back-end, which hackers can scan to gain access without you knowing. If a hacker scans the ports, they can learn the TV’s IP addresses and see its hidden files with an ordinary web browser.

Tap or click here to see how to test your firewall and protect your home network.

After testing different IP addresses, the researcher came upon This page let him see critical system files stored on the TV’s memory card, and none of them had any form of protection.

With enough time, a hacker could rewrite code on the smart TV, inject malicious files or disable it altogether. The researcher forwarded his findings to TCL, and it took 13 days for the company to get back to him.

TCL responded and claimed to have fixed the issue, but the researcher decided to dig even further. He found that while TCL did alter some of the TV’s most critical files, all of them could still be edited by any user with access to the file system.

TCL is the world’s third-largest TV manufacturer. Millions of the company’s smart TVs could be at risk for hacking or intrusion with no way to protect against it. There is no word whether or not a new security update will be released for the bug.