:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/QHHDMYE7SRFIPBOK222GNGHHOA.jpg "Google fixes critical bug in Android TV that exposed Gmail accounts on Smart TV | TECHNOLOGY")
Google has solved an existing vulnerability in the Android TV operating system, present in different Smart TV models, that allowed unauthorized access to data and information from users’ Gmail accounts without having to enter a password or access PIN.
Android TV is Google’s operating system developed specifically for smart TVs and other streaming devices, such as TV Box. For its operation, it requires users to log in with a Google account.
Earlier this year, content creator Cameron Gray posted a video titled ‘Why You Should Never Sign In to Android TV With an Important Google Account’ in which he reported on a security breach in Android TV, which would affect all devices that run this operating system. Specifically, he demonstrated that by logging into the Google account, the system allowed the user to access Gmail and user information.
To do this, Gray downloaded the TV Bro web browser, available on the Google Play Store. Once installed, she accessed an APK for the Google Chrome browser and, through it, was able to log into Gmail. Thus, he demonstrated that any malicious agent could access an account of this Google service because the browser is linked to Android TV and opens this application automatically, without requesting the access credential.
Google, which has learned of this possibility after being notified by US Senator Ron Wyden that it has conducted “a review of the privacy practices of TV streaming technology providers,” has been working on a solution for this problem.
It has also noted that it is aware of this possible scenario, “in which criminals can manually override the default settings to download normally restricted Google applications on a TV and access its services through the logged-in account,” as stated. collects 404 Media.
With this, the company has clarified that “the majority of Google TV devices running the latest software versions no longer allow this represented behavior” and that it is already working on the corresponding solution “for the rest of the devices.”