It’s difficult to buy a new TV that doesn’t come with a suite of (generally mediocre) “smart” software, giving your home theater some of the functions typically found in phones and tablets. But bringing these extra features into your living room means bringing a microphone, too — a fact the CIA is exploiting, according to a new trove of documents released today by Wikileaks.
According to documents inside the cache, a CIA program named “Weeping Angel” provided the agency’s hackers with access to Samsung Smart TVs, allowing a television’s built-in voice control microphone to be remotely enabled while keeping the appearance that the TV itself was switched off, called “Fake-Off mode.” Although the display would be switched off, and LED indicator lights would be suppressed, the hardware inside the television would continue to operate, unbeknownst to the owner. The method, co-developed with British intelligence, required implanting a given TV with malware—it’s unclear if this attack could be executed remotely, but the documentation includes reference to in-person infection via a tainted USB drive. Once the malware was inside the TV, it could relay recorded audio data to a third party (presumably a server controlled by the CIA) through the included network connection.
Wikileaks said its cache included more than 8,000 documents originating from within the CIA and came via a source, who the group did not identify, who was concerned that the agency’s “hacking capabilities exceed its mandated powers” and who wanted to “initiate a public debate” about the proliferation of cyberweapons. Wikileaks said the documents also showed extensive hacking of smartphones, including Apple’s iPhones; a large library of allegedly serious computer attacks that were not reported to tech companies like Apple, Google, and Microsoft; malware from hacker groups and other nation-states, including, Wikileaks said, Russia, that could be used to hide the agency’s involvement in cyberattacks; and the growth of a substantial hacking division within the CIA, known as the Center for Cyber Intelligence, bringing the agency further into the sort of cyberwarfare traditionally practiced by its rival the National Security Agency.
The smart TV breach is just the latest example of a security problem emerging from the so-called “Internet of Things,” the increasingly large catalog of consumer products that include (or require) an internet connection for contrived “smart” functionality Last year, the Guardian reported that Director of National Intelligence James Clapper told the Senate that breaching smart devices was a priority for American spies: “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”