Does Your TCL Roku TV Have a 'Security Flaw'? The Answer is No.
However, you might still want to be careful about what kind of electronics you purchase.
Back in mid-November, some researchers sounded the alarm about a potential “Chinese backdoor” in the Android TVs that TCL sells in the United States.
The researcher and hacker known as “Sick Codes” discovered “extraordinary vulnerabilities” in the TCL Android TVs, and after he and a colleague notified TCL, they responded—after a delay—that they had researched and patched the vulnerability.
“Updating devices and applications to enhance security is a regular occurrence in the technology industry, and these updates should be distributed to all affected Android TV models in the coming days,” TCL said in a statement to the media.
Following the reports, the Trump Administration—which has devoted a great deal of attention to cracking down on Chinese technology companies—also addressed the issue.
“As an example, DHS is reviewing entities such as the Chinese manufacturer TCL,” Chad Wolf, the current Acting Secretary of Homeland Security, said in December 21 remarks to the Heritage Foundation, per a transcript published by the department. “This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world.”
While Wolf is correct that TCL has received state support, it has not been established that TCL “incorporated backdoors into all of its TV sets,” at least not according to the research from Sick Codes and his partner. In fact, that research applied only to TCL’s Android models. There have been no media reports alleging that TCL Roku models have similar vulnerabilities.
It’s possible that DHS has information that it has not previously shared publicly about such backdoors, independently of the November research. But the department released a report last week, called “Data Security Business Advisory: Risks and Considerations for Businesses Using Data Services and Equipment from Firms Linked to the People’s Republic of China,” and TCL was not mentioned in it, nor were televisions at all.
TCL sells the majority of its TVs in the United States with the Roku platform, and has been selling Roku TVs in the U.S. market for much longer than it has Android ones, which only reached the U.S. this summer.
Meanwhile, according to a report by Digitimes on Monday, TCL has denied that it “planted backdoor software in its TVs sold to the U.S. market,” and also stated that TCL’s TVs sold in the U.S. “ are only pre-installed with operating systems developed by Roku and Google.” TCL also, per the report, has not been informed by the U.S. government that it is being investigated.
Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.