Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Government Security Television United Kingdom United States

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com) 100

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

This discussion has been archived. No new comments can be posted.

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs

Comments Filter:
  • by Anonymous Coward on Saturday April 22, 2017 @09:40AM (#54282493)

    in effect Samsungs ToS says that if you need to have a private conversation you should leave the room.

    My living room and I'm supposed to no longer have a realistic expectation of privacy...

    Short term solution ensure no connection to internet for TV

    Longer term - got rid of the Samsung junk and replaced it with something else...

    • If you are of particular government interest they could set up a surreptitious wifi hotspot for you.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        If you are of particular government interest they could set up a surreptitious wifi hotspot for you.

        People always say this kind of thing. The thing is, that they could, but they wouldn't. They probably aren't particularly interested in you now. However, say a few years down the line you have a big successful company and "they" want to force you to betray a customer, what can they then do? With the wifi hotspot nothing because they won't have known that you have the company in future.

        With mass surveillance and cheap access to your smart TV they can just monitor everyone and then, when the find out your

    • by Anonymous Coward
      U.S. citizens aren't protected from dishonesty and sneakiness. Rich corporations and people are allowed to do what they want.

      There are exceptions: Volkswagen to pay $2.8 billion in US diesel emission scandal [cnbc.com]
      • Rich corporations and people are allowed to do what they want.

        There are exceptions: Volkswagen to pay $2.8 billion in US diesel emission scandal

        That's because they cheated the GOVERNMENT.

        But it's nice to see the individuals who got hurt (lower mileage once the patches are applied, lower resale value) getting some of the bux for a change.

        (Why do you still get robo-calls? Because the Fed preempted state laws that had let people sue the robo-callers for damages.)

      • The exception being that Volkswagen isn't a US company.
    • in effect Samsungs ToS says that if you need to have a private conversation you should leave the room.

      My ToS said don't plug in the ethernet cable.

      • by amorsen ( 7485 )

        Doesn't help. The exploit can be delivered via DVB-T or DVB-S, so if you watch OTA or satellite TV, it is game over. From there, it can set up the wireless network itself, connecting to an attacker-provided hotspot.

        • Doesn't help. The exploit can be delivered via DVB-T or DVB-S, so if you watch OTA or satellite TV, it is game over. From there, it can set up the wireless network itself, connecting to an attacker-provided hotspot.

          However that makes it a local attack.

    • This particular exploit doesn't require an Internet connection. And the fact that it was for a Samsung TV probably has more to do with the prevalence of Samsung TVs (most bang for the coding buck).

      Any device with a microphone attached to a computer that's always left partially powered on could be hacked to do this. Previous leaks have pointed to similar malware for phones. It's just that TVs are easier to hack since they're frequently left unattended (and people like you think they're safe if it doesn
      • by Cederic ( 9623 )

        And I'm not even sure the microphone is necessary.

        Well, the TV has a microphone already directed to capture voices in the room and is a nice power supply for the USB stick.

        Without the TV a bug would have been planted anyway, but providing it with power would be trickier.

  • News flash (Score:5, Insightful)

    by El Cubano ( 631386 ) on Saturday April 22, 2017 @09:41AM (#54282501)

    News Flash!

    If it has a microphone, camera, receives RF, or transmits RF, you can bet that the CIA, NSA, GCHQ, GCSE, ISI, etc., have figured out how to spy on and/or surreptitiously activate the device or have at least given it a serious try.

    Why do people continue to be surprised by these revelations?

    About the only new information here, I suppose, is the specific devices targeted and the degree of success which they have achieved. Still, if you are concerned about espionage, then treat every electronic device as compromised and you won't have a problem.

    • by Anonymous Coward

      People have to pretend to be surprised. AMERICA DOESN'T SPY!!!!, just like AMERICA DOESN'T TORTURE!!! back in the Bush years. Assange feeds into the doublethink, desperate to save his own ass.

      A shame - he would've been safer with Clinton in the White House.

    • Can you put a Faraday cage around the Camera? Maybe woven steel around the cord? (Both are grounded) ..Maybe run another camera next to it that views random colors and pictures.
    • Well, unless one of the revelations was that the CIA is using these tools domestically, I'm not worried. That was my big issue with the Snowden revelations - the NSA was breaking the rules by listening in on domestic communication. I want the CIA to spy on somepeople.
  • by Anonymous Coward on Saturday April 22, 2017 @09:42AM (#54282505)

    So, does the television get closer to you every time you blink?

    • From the name, I was expecting it to be an obfuscation tool for hiding other malware when the user opens certain programs like the task manager etc.

    • by Z80a ( 971949 )

      And when it gets close enough, it kills you by displaying something horrifying and british, like noseybonk.

  • This should not be that tough. I am of the thought that anything electronic cannot survive the CIA and the like.

  • Do you really, really need a laptop?

    And if you're paranoid, you can install a switch on the speaker so that it cannot be turned into a microphone.

  • by Ungrounded Lightning ( 62228 ) on Saturday April 22, 2017 @10:00AM (#54282565) Journal

    I thought one of the previous releases mentioned Weeping Angel (or at least weeping something) and that it turned Samsung TVs into room bugs. So I assumed this one was more details on it.

    But the media seems to be talking about it as if it's new with this release and a big surprise.

    Did they just notice it now, or am I misremembering the earlier stuff? (Either way, it's good that it's finally getting public attention.)

    (Sorry to bother others with the question. But I've been too busy to plow through it all personally and would appreciate info from people who have done some deep-diving.)

    • by Anonymous Coward

      You are correct -- this isn't (new) news.

    • This was definitely released a few weeks back, there was even a Last Week Tonight segment on it.
    • by Cederic ( 9623 )

      I thought the timeline went
      - a few weeks ago: CIA can hack Samsung TVs
      - today: Wikileaks release the hacking tool

  • Silly story (Score:5, Insightful)

    by Anonymous Coward on Saturday April 22, 2017 @10:31AM (#54282669)

    If someone can sneak a USB stick into a television, he can sneak a microphone and a transmitter into the room. Or put the microphone on the stick and use USB just for power - no need to rely on the target having a specific old model of television.

    • "If someone can sneak a USB stick into a television, he can sneak a microphone and a transmitter into the room."

      The difference is that you have to leave the discrete microphone and transmitter behind.

  • Hard switches (Score:5, Interesting)

    by markdavis ( 642305 ) on Saturday April 22, 2017 @10:55AM (#54282781)

    If we [society] really cared about privacy, we would require that ALL devices that contain a microphone or camera contain HARD switches that can cut them on/off at will. Not soft switches under software/firmware control. The reality is that ANY device with hard switches that contains a computer and a mic or camera can be broken into and used as a spy device. Be it a TV, phone, monitor, laptop, car, Echo, refrigerator, toy, whatever. And often there is no easy way to really/truly turn "off" the device (and then, of course, you can't use any other function).

    Although it is relatively easy to disable cameras by sticking tape over them.... the same is not true for microphones. Of course, the manufacturers would scream about it, since it would add $0.25 to their $800+ devices and increase the mass by 0.0001%.

    And regarding microphones, it isn't just about what you might be saying- sophisticated software can be used to detect all kinds of things like when you are present, where you might be, who you are with, what you are doing, even what you might be typing.

    • >"The reality is that ANY device with hard switches that contains a computer.."

      That is a typo in which I meant to say "ANY device *WITHOUT* hard switches", but I am guessing most people knew what I meant.

  • EASY (Score:4, Insightful)

    by rholtzjr ( 928771 ) on Saturday April 22, 2017 @11:01AM (#54282819) Journal

    Nothing a dollop of cyanoacrylate can not fix to disable the ability to microphone from picking up anything. If I wanted my TV to hear me, I will tell it with the remote or better yet, unplug when not in use. The latter seems more frequent these days as there is nothing really worth watching anymore.

  • by freax ( 80371 ) on Saturday April 22, 2017 @11:51AM (#54283017) Homepage

    With physical access, they are in your living room. That means they could also just stick a tiny microphone at the back of the TV, or underneath your coach, or .. drill a hole in your walls, insert microphone, fix the hole with some material that doesn't block sound too much and repaint the fixed wall. Endless possibilities.

    I'm more concerned when the smartTV can be remotely turned into a listening device. Which, btw, wouldn't surprise if also that would be possible. Either way, my TV ain't online. Nexflix, if I ever want it, will go via another device to the TV.

    • I'm more concerned when the smartTV can be remotely turned into a listening device.

      Since this trove was taken it's been shown that most of these devices phone home over plain HTTP, they don't authenticate TLS, or they don't validate payload signatures (and usually more than one of these). And the software that uses those resources doesn't do any error checking.

      I'll gladly bet five bucks that simple interception, SSID spoofing, and in-line splicing are all being used for remote exploitation by now either wi

    • This does sound more like an example of how unsupervised government bureaucracies waste money than a useful spy tool, doesn't it. :-)

  • by BoRegardless ( 721219 ) on Saturday April 22, 2017 @11:59AM (#54283039)

    Wikileaks may be defiled by the CIA, but their leaked document releases show what determined foreign governments have also probably done and maybe done before the CIA did it. So, it is likely the Russians hated the release of these documents as much as the CIA & NSA!

    The whole affair has given all who came to the Electronic Party a big wake up call.

    Do you want a gizmo in your kitchen or living room listening to everything that is said?

    Worse yet, do you want to have it recording and maybe issuing commands? What if your kid screams "I am going to kill you." and the SWAT team shows up?

    Then probably the worst case is a teenager saying something unprintable, and the child social services shows up with law enforcement.

  • Whoever leaked this is a traitor. It is no different from informing Kriegsmarine, their Enigma codes have been broken.

    Yes, the "Weeping Angel" could be used against civilians. But the same was true about Alan Turing's crypto-breaking machinery and their listening for any and all radio-traffic as well.

    Like any other weapon or tool It could be abused, but publicizing it defeats its effectiveness against the intended — and perfectly legitimate — targets and is thus bona fide treasonous.

    • by freax ( 80371 )

      Oh comon. As if the the fact that intelligence agency could possibly use a preinstalled microphone of an electronic device, is in any way non-obvious or as if it's problematic that the 'intended' knows about this.

      Truth is that all terrorists so far used unencrypted normal SMS services and burner phones, or the unencrypted chat services of various Playstation games. What, you want to make it a secret that intelligence agencies can see the chatlogs of Playstation games, too?

      Mister obvious is obvious. A microp

      • by mi ( 197448 )

        As if the the fact that intelligence agency could possibly use a preinstalled microphone of an electronic device, is in any way non-obvious or as if it's problematic that the 'intended' knows about this.

        If it really were as trivial as you imply:

        • the spooks would not have used it,
        • the leaker would not have leaked the details of it,
        • Wikileaks would not have found it publication-worthy,
        • Slashdot-editors would not have put it on the front page,
        • Slashdot-users would not have gone to discuss it as much.

        Since all of

    • Considering your signature, I really hope you are being sarcastic. There is reasonable evidence that the Obama Administration used the intelligence apparatus of the U.S. to spy on his political opponents (in particular those who opposed the Iran Nuclear deal, an example where there is no support for the idea that those being spied on domestically were involved in anything which gave the government legal authority to spy on them). It is certainly possible, maybe even likely, that previous Administrations ha
      • by mi ( 197448 )

        There is reasonable evidence that the Obama Administration used the intelligence apparatus of the U.S. to spy on his political opponents

        Yes, that's entirely possible. And yet, the technology has plenty of legitimate uses and should not have been sabotaged.

        • Yes, that's entirely possible. And yet, the technology has plenty of legitimate uses and should not have been sabotaged.

          Knowledge of the capabilities of a large-scale deployment technology that affects such a large proportion of the populace can hardly be construed as sabotage, especially when there is such potential for abuse.

          As an analogy, it would be one thing to leak the specific movements of a police investigative team. ("Psst! There's a bunch of cop cars headed toward your warehouse where you keep t

        • Except that the technology was not sabotaged. It was merely revealed that it existed. The thing is: it is no longer a matter of this technology could be misused. We now know that this technology will be misused.

          In fact, the evidence suggests that our government(s) will use this technology to suppress legitimate opposition and not to protect its citizens from malefactors.
  • I can't understand why they just don't disconnect the camera or mic when they are not using it on a PC. The smart phones I understand - Its integrated - shove it in a box when you are not using it, or put a radio, or run the built in radio with the phone in the box. The TV can stay a TV.. I don't need Web service on my TV. If you want to talk to someone, use your PC. Unplug any other thing when you are not using it. Buy simple things that only do the task they were assigned.
  • I remember hearing about how this was possible way back when they first started putting microphones and cameras on TV's. Is it a surprise the CIA was paying attention?

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...