 |  |  |  |  |
TCL Android tellies had gapping security holes
| |||||||||
|
TCL Android tellies had gapping security holes
| | |||||||
 |
 |
| | Thread Tools |
13th November 2020, 15:36
| #1 |
| [M] Reviewer  Join Date: May 2010 Location: Romania
Posts: 153,575
 |  TCL Android tellies had gapping security holes Anyone could have taken control Millions of Android smart television sets from the Chinese vendor TCL Technology Group contained gaping software security holes that researchers say could have allowed remote attackers to take control of the devices, steal data or even control cameras and microphones to look at the set's owners. The security holes appear to have been patched by the manufacturer in early November. However the manner in which the holes were closed is raising further alarm among the researchers about whether the China-based firm is able to access and control deployed television sets without the owner's knowledge or permission. A report into the affair describes two serious software security holes affecting TCL brand television sets. First, a vulnerability in the software that runs TCL Android Smart TVs allowed an attacker on the adjacent network to browse and download sensitive files over an insecure web server running on port 7989. That flaw, CVE-2020-27403, would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned. Second, the researchers found a vulnerability in the TCL software that allowed a local unprivileged attacker to read from and write to critical vendor resource directories within the TV's Android file system, including the vendor upgrades folder. That flaw was assigned the identifier CVE-2020-28055. One of the security experts behind the report, John Jackson, an application security engineer for Shutter Stock, said the flaws amount to a "back door" on any TCL Android smart television. "Anybody on an adjacent network can browse the TV's file system and download any file they want", said Jackson. That would include everything from image files to small databases associated with installed applications, location data or security tokens for smart TV apps like Gmail. https://fudzilla.com/news/51876-tcl-...security-holes |
|  |
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Microsoft warns Windows users of two security holes already under attack | Stefan Mileschin | WebNews | 0 | 24th March 2020 06:42 |
| Three more security holes found in Intel chips | Stefan Mileschin | WebNews | 0 | 16th August 2018 08:15 |
| Android bugs hard to shift from tellies | Stefan Mileschin | WebNews | 0 | 30th December 2016 09:52 |
| Latest Flash update fixes a whopping 79 security holes | Stefan Mileschin | WebNews | 0 | 10th December 2015 15:24 |
| FBI: yes, we exploit unpatched security holes | Stefan Mileschin | WebNews | 0 | 10th December 2015 15:19 |
| Google reveals Mac security holes before Apple's fix is ready | Stefan Mileschin | WebNews | 0 | 26th January 2015 08:18 |
| Oracle Fixes 42 Security Holes | Stefan Mileschin | WebNews | 0 | 18th April 2013 08:08 |
| Safari blocking outdated Flash plug-ins due to security holes | Stefan Mileschin | WebNews | 0 | 4th March 2013 10:37 |
| Battlefield 2 stat security holes exploited | jmke | WebNews | 0 | 26th July 2005 17:31 |
| Two serious security holes found in Firefox | Sidney | WebNews | 0 | 9th May 2005 03:56 |
| Thread Tools | |
| |
