WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com) 100
FossBytes reports:
The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."
According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.
According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.
Samasung's ToS what a joke (Score:5, Informative)
in effect Samsungs ToS says that if you need to have a private conversation you should leave the room.
My living room and I'm supposed to no longer have a realistic expectation of privacy...
Short term solution ensure no connection to internet for TV
Longer term - got rid of the Samsung junk and replaced it with something else...
Re: (Score:3)
Re: (Score:3, Insightful)
If you are of particular government interest they could set up a surreptitious wifi hotspot for you.
People always say this kind of thing. The thing is, that they could, but they wouldn't. They probably aren't particularly interested in you now. However, say a few years down the line you have a big successful company and "they" want to force you to betray a customer, what can they then do? With the wifi hotspot nothing because they won't have known that you have the company in future.
With mass surveillance and cheap access to your smart TV they can just monitor everyone and then, when the find out your
The U.S. government is CORRUPT! (Score:2, Interesting)
There are exceptions: Volkswagen to pay $2.8 billion in US diesel emission scandal [cnbc.com]
Re: (Score:3)
Rich corporations and people are allowed to do what they want.
There are exceptions: Volkswagen to pay $2.8 billion in US diesel emission scandal
That's because they cheated the GOVERNMENT.
But it's nice to see the individuals who got hurt (lower mileage once the patches are applied, lower resale value) getting some of the bux for a change.
(Why do you still get robo-calls? Because the Fed preempted state laws that had let people sue the robo-callers for damages.)
Re: (Score:2)
>bwing managed
Is bwing management what comes after agile?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
in effect Samsungs ToS says that if you need to have a private conversation you should leave the room.
My ToS said don't plug in the ethernet cable.
Re: (Score:2)
Doesn't help. The exploit can be delivered via DVB-T or DVB-S, so if you watch OTA or satellite TV, it is game over. From there, it can set up the wireless network itself, connecting to an attacker-provided hotspot.
Re: (Score:2)
Doesn't help. The exploit can be delivered via DVB-T or DVB-S, so if you watch OTA or satellite TV, it is game over. From there, it can set up the wireless network itself, connecting to an attacker-provided hotspot.
However that makes it a local attack.
Re: (Score:3)
Any device with a microphone attached to a computer that's always left partially powered on could be hacked to do this. Previous leaks have pointed to similar malware for phones. It's just that TVs are easier to hack since they're frequently left unattended (and people like you think they're safe if it doesn
Re: (Score:2)
And I'm not even sure the microphone is necessary.
Well, the TV has a microphone already directed to capture voices in the room and is a nice power supply for the USB stick.
Without the TV a bug would have been planted anyway, but providing it with power would be trickier.
News flash (Score:5, Insightful)
News Flash!
If it has a microphone, camera, receives RF, or transmits RF, you can bet that the CIA, NSA, GCHQ, GCSE, ISI, etc., have figured out how to spy on and/or surreptitiously activate the device or have at least given it a serious try.
Why do people continue to be surprised by these revelations?
About the only new information here, I suppose, is the specific devices targeted and the degree of success which they have achieved. Still, if you are concerned about espionage, then treat every electronic device as compromised and you won't have a problem.
Re: (Score:2)
Any UNIX or Linux device that has a microphone, camera, or other sensor and TCP/IP support is going to be able to be tapped. Every device in /dev is a stream input or output device. That data can be read and then sent out to anywhere else in the world using the "sockets" library. That allows everything from VOIP to video-conferencing, instant messaging and group chat.
Re: (Score:2)
Re: (Score:1)
Any UNIX or Linux device that has a microphone, camera, or other sensor and TCP/IP support is going to be able to be tapped.
... only if they can get PulseAudio to work.
We're safe, for a while.
Re: (Score:2)
I just pictured Assange-as-Frankenstein as in Gene Wilder's character during the, "Puttin' on the Ritz," scene in Young Frankenstein, trying to distract both the monster and the audience as the presentation/act starts going down in flames...
Re: (Score:1)
People have to pretend to be surprised. AMERICA DOESN'T SPY!!!!, just like AMERICA DOESN'T TORTURE!!! back in the Bush years. Assange feeds into the doublethink, desperate to save his own ass.
A shame - he would've been safer with Clinton in the White House.
Re: (Score:1)
Re: (Score:2)
Weeping Angel (Score:4, Funny)
So, does the television get closer to you every time you blink?
Re: (Score:2)
From the name, I was expecting it to be an obfuscation tool for hiding other malware when the user opens certain programs like the task manager etc.
Re: (Score:2)
And when it gets close enough, it kills you by displaying something horrifying and british, like noseybonk.
Time for an "Open Source" TV system (Score:2, Interesting)
This should not be that tough. I am of the thought that anything electronic cannot survive the CIA and the like.
Desktop PCs have no microphones (Score:2)
Do you really, really need a laptop?
And if you're paranoid, you can install a switch on the speaker so that it cannot be turned into a microphone.
Re: Desktop PCs have no microphones (Score:4, Funny)
Congratulations on missing the point.
I thought this was released weeks ago (Score:5, Interesting)
I thought one of the previous releases mentioned Weeping Angel (or at least weeping something) and that it turned Samsung TVs into room bugs. So I assumed this one was more details on it.
But the media seems to be talking about it as if it's new with this release and a big surprise.
Did they just notice it now, or am I misremembering the earlier stuff? (Either way, it's good that it's finally getting public attention.)
(Sorry to bother others with the question. But I've been too busy to plow through it all personally and would appreciate info from people who have done some deep-diving.)
Re: (Score:1)
You are correct -- this isn't (new) news.
Re: (Score:1)
Re: (Score:2)
I thought the timeline went
- a few weeks ago: CIA can hack Samsung TVs
- today: Wikileaks release the hacking tool
Re: (Score:2)
At home the solution is to buy a computer monitor, not a TV, and to track down one of those old early HDTV standalone tuners. Not the DTV converter boxes, but the high def output models that were required for early HD tube TVs that lacked ATSC tuners.
Or, at home, similar to above, to use a video projector as your TV and again, to get a separate tuner for it.
Re: (Score:2)
A lot of hotels do that everywhere. They had a anti-theft system that is tied into the internet/cable connection.
Re: No Secret (Score:1)
Re: No Secret (Score:1)
Do stupid people buy "smart" things? (Score:2)
Silly story (Score:5, Insightful)
If someone can sneak a USB stick into a television, he can sneak a microphone and a transmitter into the room. Or put the microphone on the stick and use USB just for power - no need to rely on the target having a specific old model of television.
Re: (Score:2)
"If someone can sneak a USB stick into a television, he can sneak a microphone and a transmitter into the room."
The difference is that you have to leave the discrete microphone and transmitter behind.
Hard switches (Score:5, Interesting)
If we [society] really cared about privacy, we would require that ALL devices that contain a microphone or camera contain HARD switches that can cut them on/off at will. Not soft switches under software/firmware control. The reality is that ANY device with hard switches that contains a computer and a mic or camera can be broken into and used as a spy device. Be it a TV, phone, monitor, laptop, car, Echo, refrigerator, toy, whatever. And often there is no easy way to really/truly turn "off" the device (and then, of course, you can't use any other function).
Although it is relatively easy to disable cameras by sticking tape over them.... the same is not true for microphones. Of course, the manufacturers would scream about it, since it would add $0.25 to their $800+ devices and increase the mass by 0.0001%.
And regarding microphones, it isn't just about what you might be saying- sophisticated software can be used to detect all kinds of things like when you are present, where you might be, who you are with, what you are doing, even what you might be typing.
Re: (Score:2)
Your attitude is all too common. It's becoming not only acceptable but expected to be spied on. As it turns out I'm not a terrorist or a criminal of any sort and although some people would judge me for some of the things I've viewed online I really don't have much to hide.
So why shouldn't I allow that information to be free? Wanna know what I bought from Amazon last week? It's actually none of your business.
And trusting someone because they're a "professional" is just about the dumbest thing you can ev
Re: (Score:2)
>"The reality is that ANY device with hard switches that contains a computer.."
That is a typo in which I meant to say "ANY device *WITHOUT* hard switches", but I am guessing most people knew what I meant.
EASY (Score:4, Insightful)
Nothing a dollop of cyanoacrylate can not fix to disable the ability to microphone from picking up anything. If I wanted my TV to hear me, I will tell it with the remote or better yet, unplug when not in use. The latter seems more frequent these days as there is nothing really worth watching anymore.
Re: (Score:2)
Yea, the CA method does take a little more effort, but this has worked with annoying alarm type output devices of similar size, so I figured it should be enough to eliminate the input as well. You would have to know where the mics are and ensure that you get them all. You are correct, unplugging is the safer and easier. This is the reason I hate iPhone devices. You can not remove power source (with ease).
Re:requires physical access (Score:5, Insightful)
On the other hand, you don't know who has physical access to your TV before you buy it, do you?
The implant requires physical access ... (Score:4, Insightful)
With physical access, they are in your living room. That means they could also just stick a tiny microphone at the back of the TV, or underneath your coach, or .. drill a hole in your walls, insert microphone, fix the hole with some material that doesn't block sound too much and repaint the fixed wall. Endless possibilities.
I'm more concerned when the smartTV can be remotely turned into a listening device. Which, btw, wouldn't surprise if also that would be possible. Either way, my TV ain't online. Nexflix, if I ever want it, will go via another device to the TV.
Re: (Score:2)
I'm more concerned when the smartTV can be remotely turned into a listening device.
Since this trove was taken it's been shown that most of these devices phone home over plain HTTP, they don't authenticate TLS, or they don't validate payload signatures (and usually more than one of these). And the software that uses those resources doesn't do any error checking.
I'll gladly bet five bucks that simple interception, SSID spoofing, and in-line splicing are all being used for remote exploitation by now either wi
Re: (Score:2)
This does sound more like an example of how unsupervised government bureaucracies waste money than a useful spy tool, doesn't it. :-)
EASY for the Russians to spy, too. (Score:3)
Wikileaks may be defiled by the CIA, but their leaked document releases show what determined foreign governments have also probably done and maybe done before the CIA did it. So, it is likely the Russians hated the release of these documents as much as the CIA & NSA!
The whole affair has given all who came to the Electronic Party a big wake up call.
Do you want a gizmo in your kitchen or living room listening to everything that is said?
Worse yet, do you want to have it recording and maybe issuing commands? What if your kid screams "I am going to kill you." and the SWAT team shows up?
Then probably the worst case is a teenager saying something unprintable, and the child social services shows up with law enforcement.
Impeding the West's intelligence efforts (Score:2)
Whoever leaked this is a traitor. It is no different from informing Kriegsmarine, their Enigma codes have been broken.
Yes, the "Weeping Angel" could be used against civilians. But the same was true about Alan Turing's crypto-breaking machinery and their listening for any and all radio-traffic as well.
Like any other weapon or tool It could be abused, but publicizing it defeats its effectiveness against the intended — and perfectly legitimate — targets and is thus bona fide treasonous.
Re: (Score:2)
Oh comon. As if the the fact that intelligence agency could possibly use a preinstalled microphone of an electronic device, is in any way non-obvious or as if it's problematic that the 'intended' knows about this.
Truth is that all terrorists so far used unencrypted normal SMS services and burner phones, or the unencrypted chat services of various Playstation games. What, you want to make it a secret that intelligence agencies can see the chatlogs of Playstation games, too?
Mister obvious is obvious. A microp
Re: (Score:2)
If it really were as trivial as you imply:
Since all of
Re: (Score:2)
Re: (Score:2)
Yes, that's entirely possible. And yet, the technology has plenty of legitimate uses and should not have been sabotaged.
Knowledge of capabilities is "sabotage"? Really?? (Score:2)
Knowledge of the capabilities of a large-scale deployment technology that affects such a large proportion of the populace can hardly be construed as sabotage, especially when there is such potential for abuse.
As an analogy, it would be one thing to leak the specific movements of a police investigative team. ("Psst! There's a bunch of cop cars headed toward your warehouse where you keep t
Re: (Score:2)
In fact, the evidence suggests that our government(s) will use this technology to suppress legitimate opposition and not to protect its citizens from malefactors.
Microphone TV? (Score:1)
Wasn't this demo'd at a conference years ago? (Score:2)