Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com)

Posted by EditorDavid on from the TV-watches-you dept.

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

57 of 100 comments (clear)

  1. Samasung's ToS what a joke by Anonymous Coward · · Score: 5, Informative

    in effect Samsungs ToS says that if you need to have a private conversation you should leave the room.

    My living room and I'm supposed to no longer have a realistic expectation of privacy...

    Short term solution ensure no connection to internet for TV

    Longer term - got rid of the Samsung junk and replaced it with something else...

    1. Re:Samasung's ToS what a joke by SeriousTube · · Score: 2

      If you are of particular government interest they could set up a surreptitious wifi hotspot for you.

    2. Re:Samasung's ToS what a joke by TechyImmigrant · · Score: 1

      in effect Samsungs ToS says that if you need to have a private conversation you should leave the room.

      My ToS said don't plug in the ethernet cable.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    3. Re:Samasung's ToS what a joke by Solandri · · Score: 2

      This particular exploit doesn't require an Internet connection. And the fact that it was for a Samsung TV probably has more to do with the prevalence of Samsung TVs (most bang for the coding buck).

      Any device with a microphone attached to a computer that's always left partially powered on could be hacked to do this. Previous leaks have pointed to similar malware for phones. It's just that TVs are easier to hack since they're frequently left unattended (and people like you think they're safe if it doesn't have an Internet connection), while phones are carried on the person. You're a fool if you think the risk is limited to a single company's products

      And I'm not even sure the microphone is necessary. If the computer can measure the voltage on a speaker wire, a speaker can be used as a (poor) microphone. Conceptually they are the same thing. A voltage moves a physical membrane to produce sound. Sound moves a physical membrane to produce voltage.

    4. Re:Samasung's ToS what a joke by Anonymous Coward · · Score: 3, Insightful

      If you are of particular government interest they could set up a surreptitious wifi hotspot for you.

      People always say this kind of thing. The thing is, that they could, but they wouldn't. They probably aren't particularly interested in you now. However, say a few years down the line you have a big successful company and "they" want to force you to betray a customer, what can they then do? With the wifi hotspot nothing because they won't have known that you have the company in future.

      With mass surveillance and cheap access to your smart TV they can just monitor everyone and then, when the find out your company is a success, they go back in time, look at the old data they mass collected, use that to force you to give them the keys to the kingdom and take away all the independence you built up.

    5. Re:Samasung's ToS what a joke by Cederic · · Score: 1

      And I'm not even sure the microphone is necessary.

      Well, the TV has a microphone already directed to capture voices in the room and is a nice power supply for the USB stick.

      Without the TV a bug would have been planted anyway, but providing it with power would be trickier.

    6. Re:Samasung's ToS what a joke by amorsen · · Score: 1

      Doesn't help. The exploit can be delivered via DVB-T or DVB-S, so if you watch OTA or satellite TV, it is game over. From there, it can set up the wireless network itself, connecting to an attacker-provided hotspot.

      --
      Finally! A year of moderation! Ready for 2019?
    7. Re:Samasung's ToS what a joke by TechyImmigrant · · Score: 1

      Doesn't help. The exploit can be delivered via DVB-T or DVB-S, so if you watch OTA or satellite TV, it is game over. From there, it can set up the wireless network itself, connecting to an attacker-provided hotspot.

      However that makes it a local attack.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  2. News flash by El+Cubano · · Score: 5, Insightful

    News Flash!

    If it has a microphone, camera, receives RF, or transmits RF, you can bet that the CIA, NSA, GCHQ, GCSE, ISI, etc., have figured out how to spy on and/or surreptitiously activate the device or have at least given it a serious try.

    Why do people continue to be surprised by these revelations?

    About the only new information here, I suppose, is the specific devices targeted and the degree of success which they have achieved. Still, if you are concerned about espionage, then treat every electronic device as compromised and you won't have a problem.

    1. Re:News flash by mikael · · Score: 1

      Any UNIX or Linux device that has a microphone, camera, or other sensor and TCP/IP support is going to be able to be tapped. Every device in /dev is a stream input or output device. That data can be read and then sent out to anywhere else in the world using the "sockets" library. That allows everything from VOIP to video-conferencing, instant messaging and group chat.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    2. Re:News flash by TWX · · Score: 1

      I just pictured Assange-as-Frankenstein as in Gene Wilder's character during the, "Puttin' on the Ritz," scene in Young Frankenstein, trying to distract both the monster and the audience as the presentation/act starts going down in flames...

      --
      Do not look into laser with remaining eye.
    3. Re:News flash by alantus · · Score: 1

      And for computers they don't even have to do anything, since Intel already did the dirty work with their AMT technology.

    4. Re:News flash by Anonymous Coward · · Score: 1

      Any UNIX or Linux device that has a microphone, camera, or other sensor and TCP/IP support is going to be able to be tapped.

      ... only if they can get PulseAudio to work.

      We're safe, for a while.

    5. Re:News flash by Anonymous Coward · · Score: 1

      People have to pretend to be surprised. AMERICA DOESN'T SPY!!!!, just like AMERICA DOESN'T TORTURE!!! back in the Bush years. Assange feeds into the doublethink, desperate to save his own ass.

      A shame - he would've been safer with Clinton in the White House.

    6. Re:News flash by Neuronwelder · · Score: 1

      Can you put a Faraday cage around the Camera? Maybe woven steel around the cord? (Both are grounded) ..Maybe run another camera next to it that views random colors and pictures.

    7. Re:News flash by sabbede · · Score: 1

      Well, unless one of the revelations was that the CIA is using these tools domestically, I'm not worried. That was my big issue with the Snowden revelations - the NSA was breaking the rules by listening in on domestic communication. I want the CIA to spy on somepeople.

  3. Weeping Angel by Anonymous Coward · · Score: 4, Funny

    So, does the television get closer to you every time you blink?

    1. Re:Weeping Angel by GameboyRMH · · Score: 1

      From the name, I was expecting it to be an obfuscation tool for hiding other malware when the user opens certain programs like the task manager etc.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:Weeping Angel by Z80a · · Score: 1

      And when it gets close enough, it kills you by displaying something horrifying and british, like noseybonk.

  4. Time for an "Open Source" TV system by bogaboga · · Score: 1, Interesting

    This should not be that tough. I am of the thought that anything electronic cannot survive the CIA and the like.

  5. The U.S. government is CORRUPT! by Anonymous Coward · · Score: 2, Interesting

    U.S. citizens aren't protected from dishonesty and sneakiness. Rich corporations and people are allowed to do what they want.

    There are exceptions: Volkswagen to pay $2.8 billion in US diesel emission scandal

    1. Re:The U.S. government is CORRUPT! by Ungrounded+Lightning · · Score: 2

      Rich corporations and people are allowed to do what they want.

      There are exceptions: Volkswagen to pay $2.8 billion in US diesel emission scandal

      That's because they cheated the GOVERNMENT.

      But it's nice to see the individuals who got hurt (lower mileage once the patches are applied, lower resale value) getting some of the bux for a change.

      (Why do you still get robo-calls? Because the Fed preempted state laws that had let people sue the robo-callers for damages.)

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    2. Re:The U.S. government is CORRUPT! by slashrio · · Score: 2

      The exception being that Volkswagen isn't a US company.

      --
      "Trump!!", the new Godwin.
  6. Desktop PCs have no microphones by sandbagger · · Score: 1

    Do you really, really need a laptop?

    And if you're paranoid, you can install a switch on the speaker so that it cannot be turned into a microphone.

    --
    ---- The above post was generated by the Turing Institute. Maybe.
    1. Re: Desktop PCs have no microphones by sandbagger · · Score: 3, Funny

      Congratulations on missing the point.

      --
      ---- The above post was generated by the Turing Institute. Maybe.
  7. I thought this was released weeks ago by Ungrounded+Lightning · · Score: 4, Interesting

    I thought one of the previous releases mentioned Weeping Angel (or at least weeping something) and that it turned Samsung TVs into room bugs. So I assumed this one was more details on it.

    But the media seems to be talking about it as if it's new with this release and a big surprise.

    Did they just notice it now, or am I misremembering the earlier stuff? (Either way, it's good that it's finally getting public attention.)

    (Sorry to bother others with the question. But I've been too busy to plow through it all personally and would appreciate info from people who have done some deep-diving.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:I thought this was released weeks ago by Anonymous Coward · · Score: 1

      You are correct -- this isn't (new) news.

    2. Re:I thought this was released weeks ago by pixel+sorceress · · Score: 1

      This was definitely released a few weeks back, there was even a Last Week Tonight segment on it.

    3. Re:I thought this was released weeks ago by Cederic · · Score: 1

      I thought the timeline went
      - a few weeks ago: CIA can hack Samsung TVs
      - today: Wikileaks release the hacking tool

  8. Do stupid people buy "smart" things? by TheOuterLinux · · Score: 1

    I'm convinced.

  9. Silly story by Anonymous Coward · · Score: 5, Insightful

    If someone can sneak a USB stick into a television, he can sneak a microphone and a transmitter into the room. Or put the microphone on the stick and use USB just for power - no need to rely on the target having a specific old model of television.

    1. Re:Silly story by radarskiy · · Score: 1

      "If someone can sneak a USB stick into a television, he can sneak a microphone and a transmitter into the room."

      The difference is that you have to leave the discrete microphone and transmitter behind.

  10. Re:No Secret by TWX · · Score: 1

    At home the solution is to buy a computer monitor, not a TV, and to track down one of those old early HDTV standalone tuners. Not the DTV converter boxes, but the high def output models that were required for early HD tube TVs that lacked ATSC tuners.

    Or, at home, similar to above, to use a video projector as your TV and again, to get a separate tuner for it.

    --
    Do not look into laser with remaining eye.
  11. Hard switches by markdavis · · Score: 5, Interesting

    If we [society] really cared about privacy, we would require that ALL devices that contain a microphone or camera contain HARD switches that can cut them on/off at will. Not soft switches under software/firmware control. The reality is that ANY device with hard switches that contains a computer and a mic or camera can be broken into and used as a spy device. Be it a TV, phone, monitor, laptop, car, Echo, refrigerator, toy, whatever. And often there is no easy way to really/truly turn "off" the device (and then, of course, you can't use any other function).

    Although it is relatively easy to disable cameras by sticking tape over them.... the same is not true for microphones. Of course, the manufacturers would scream about it, since it would add $0.25 to their $800+ devices and increase the mass by 0.0001%.

    And regarding microphones, it isn't just about what you might be saying- sophisticated software can be used to detect all kinds of things like when you are present, where you might be, who you are with, what you are doing, even what you might be typing.

    1. Re:Hard switches by markdavis · · Score: 1

      >"The reality is that ANY device with hard switches that contains a computer.."

      That is a typo in which I meant to say "ANY device *WITHOUT* hard switches", but I am guessing most people knew what I meant.

    2. Re:Hard switches by No+Longer+an+AC · · Score: 1

      Your attitude is all too common. It's becoming not only acceptable but expected to be spied on. As it turns out I'm not a terrorist or a criminal of any sort and although some people would judge me for some of the things I've viewed online I really don't have much to hide.

      So why shouldn't I allow that information to be free? Wanna know what I bought from Amazon last week? It's actually none of your business.

      And trusting someone because they're a "professional" is just about the dumbest thing you can ever do.

  12. Re:No Secret by mikael · · Score: 1

    A lot of hotels do that everywhere. They had a anti-theft system that is tied into the internet/cable connection.

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  13. Re:PACINLAW-GOV.ORG by TechyImmigrant · · Score: 1

    >bwing managed

    Is bwing management what comes after agile?

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  14. EASY by rholtzjr · · Score: 3, Insightful

    Nothing a dollop of cyanoacrylate can not fix to disable the ability to microphone from picking up anything. If I wanted my TV to hear me, I will tell it with the remote or better yet, unplug when not in use. The latter seems more frequent these days as there is nothing really worth watching anymore.

    1. Re:EASY by rholtzjr · · Score: 1

      Yea, the CA method does take a little more effort, but this has worked with annoying alarm type output devices of similar size, so I figured it should be enough to eliminate the input as well. You would have to know where the mics are and ensure that you get them all. You are correct, unplugging is the safer and easier. This is the reason I hate iPhone devices. You can not remove power source (with ease).

  15. Re:requires physical access by tsqr · · Score: 5, Insightful

    On the other hand, you don't know who has physical access to your TV before you buy it, do you?

  16. The implant requires physical access ... by freax · · Score: 3, Insightful

    With physical access, they are in your living room. That means they could also just stick a tiny microphone at the back of the TV, or underneath your coach, or .. drill a hole in your walls, insert microphone, fix the hole with some material that doesn't block sound too much and repaint the fixed wall. Endless possibilities.

    I'm more concerned when the smartTV can be remotely turned into a listening device. Which, btw, wouldn't surprise if also that would be possible. Either way, my TV ain't online. Nexflix, if I ever want it, will go via another device to the TV.

    1. Re:The implant requires physical access ... by bill_mcgonigle · · Score: 1

      I'm more concerned when the smartTV can be remotely turned into a listening device.

      Since this trove was taken it's been shown that most of these devices phone home over plain HTTP, they don't authenticate TLS, or they don't validate payload signatures (and usually more than one of these). And the software that uses those resources doesn't do any error checking.

      I'll gladly bet five bucks that simple interception, SSID spoofing, and in-line splicing are all being used for remote exploitation by now either with these or similar devices.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:The implant requires physical access ... by herbierobinson · · Score: 1

      This does sound more like an example of how unsupervised government bureaucracies waste money than a useful spy tool, doesn't it. :-)

      --
      An engineer who ran for Congress. http://herbrobinson.us
  17. EASY for the Russians to spy, too. by BoRegardless · · Score: 2

    Wikileaks may be defiled by the CIA, but their leaked document releases show what determined foreign governments have also probably done and maybe done before the CIA did it. So, it is likely the Russians hated the release of these documents as much as the CIA & NSA!

    The whole affair has given all who came to the Electronic Party a big wake up call.

    Do you want a gizmo in your kitchen or living room listening to everything that is said?

    Worse yet, do you want to have it recording and maybe issuing commands? What if your kid screams "I am going to kill you." and the SWAT team shows up?

    Then probably the worst case is a teenager saying something unprintable, and the child social services shows up with law enforcement.

  18. Re:PACINLAW-GOV.ORG by ubrgeek · · Score: 2

    No. It was a very early version of the X-wing.

    --
    Bark less. Wag more.
  19. Impeding the West's intelligence efforts by mi · · Score: 1

    Whoever leaked this is a traitor. It is no different from informing Kriegsmarine, their Enigma codes have been broken.

    Yes, the "Weeping Angel" could be used against civilians. But the same was true about Alan Turing's crypto-breaking machinery and their listening for any and all radio-traffic as well.

    Like any other weapon or tool It could be abused, but publicizing it defeats its effectiveness against the intended — and perfectly legitimate — targets and is thus bona fide treasonous.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Impeding the West's intelligence efforts by freax · · Score: 1

      Oh comon. As if the the fact that intelligence agency could possibly use a preinstalled microphone of an electronic device, is in any way non-obvious or as if it's problematic that the 'intended' knows about this.

      Truth is that all terrorists so far used unencrypted normal SMS services and burner phones, or the unencrypted chat services of various Playstation games. What, you want to make it a secret that intelligence agencies can see the chatlogs of Playstation games, too?

      Mister obvious is obvious. A microphone in a smartTV can obviously be turned against the owner of the smartTV. Nothing special or secret about that. The news here is just the fact that with this it got confirmed that intel-agencies are doing this actively. Not that they can. They can from day one, even from before TV-sets came with microphones.

    2. Re:Impeding the West's intelligence efforts by mi · · Score: 1

      As if the the fact that intelligence agency could possibly use a preinstalled microphone of an electronic device, is in any way non-obvious or as if it's problematic that the 'intended' knows about this.

      If it really were as trivial as you imply:

      • the spooks would not have used it,
      • the leaker would not have leaked the details of it,
      • Wikileaks would not have found it publication-worthy,
      • Slashdot-editors would not have put it on the front page,
      • Slashdot-users would not have gone to discuss it as much.

      Since all of the above did happen, it is not as trivial as you imply. More than likely, some of our enemies have been eavesdropped upon with this tool. And, just as likely, most of them will now make it impossible — endangering lives on our side. Our efforts to thwart them have been impeded and the millions spent on this efforts — wasted. Thanks to the traitor.

      Truth is that all terrorists so far used unencrypted normal SMS services and burner phones, or the unencrypted chat services of various Playstation games.

      Those are means of communications. When communicating a person may wonder, who else is listening. TVs are used primarily for entertainment — it does not occur to most people, an adversary can spy on them in their living room.

      This leaker can only be defended by people, who view NSA (and Britain's equivalent) as the adversary. Presumably, you aren't one of them, are you?

      What, you want to make it a secret that intelligence agencies can see the chatlogs of Playstation games, too?

      If a dumber among the enemy is still unaware of it, yes, I'd like to keep them ignorant. Even if only 5% of the enemies have a Samsung TV today, I would've liked them to keep on using it — so that my employees at the NSA can be privy to their conversations.

      --
      In Soviet Washington the swamp drains you.
    3. Re:Impeding the West's intelligence efforts by Attila+Dimedici · · Score: 1

      Considering your signature, I really hope you are being sarcastic. There is reasonable evidence that the Obama Administration used the intelligence apparatus of the U.S. to spy on his political opponents (in particular those who opposed the Iran Nuclear deal, an example where there is no support for the idea that those being spied on domestically were involved in anything which gave the government legal authority to spy on them). It is certainly possible, maybe even likely, that previous Administrations had done the same thing, but they were subtle enough in the way that they used what they learned that way that it is possible they were not doing so.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    4. Re:Impeding the West's intelligence efforts by mi · · Score: 1

      There is reasonable evidence that the Obama Administration used the intelligence apparatus of the U.S. to spy on his political opponents

      Yes, that's entirely possible. And yet, the technology has plenty of legitimate uses and should not have been sabotaged.

      --
      In Soviet Washington the swamp drains you.
    5. Re:Impeding the West's intelligence efforts by Attila+Dimedici · · Score: 1

      Except that the technology was not sabotaged. It was merely revealed that it existed. The thing is: it is no longer a matter of this technology could be misused. We now know that this technology will be misused.

      In fact, the evidence suggests that our government(s) will use this technology to suppress legitimate opposition and not to protect its citizens from malefactors.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
  20. Microphone TV? by Neuronwelder · · Score: 1

    I can't understand why they just don't disconnect the camera or mic when they are not using it on a PC. The smart phones I understand - Its integrated - shove it in a box when you are not using it, or put a radio, or run the built in radio with the phone in the box. The TV can stay a TV.. I don't need Web service on my TV. If you want to talk to someone, use your PC. Unplug any other thing when you are not using it. Buy simple things that only do the task they were assigned.

  21. Re: No Secret by Brockmire · · Score: 1

    Why would Samsung fix this? They need something for negotiations when they get blocked from importing phones during patent spats with Apple.

  22. Re: No Secret by Brockmire · · Score: 1

    Typing letter by letter for searches is time consuming and the thought is always, "why can't I just say it?" Or scrolling through hundreds of channels to find a show. And of course, it was built to solve user problems and make a better experience. I don't know why there'd be a camera.

  23. Knowledge of capabilities is "sabotage"? Really?? by KWTm · · Score: 1

    Yes, that's entirely possible. And yet, the technology has plenty of legitimate uses and should not have been sabotaged.

    Knowledge of the capabilities of a large-scale deployment technology that affects such a large proportion of the populace can hardly be construed as sabotage, especially when there is such potential for abuse.

    As an analogy, it would be one thing to leak the specific movements of a police investigative team. ("Psst! There's a bunch of cop cars headed toward your warehouse where you keep the stolen cars.") But it would be perfectly legitimate to give the capabilities of the police. ("Psst! There are over 100 police officers in this city who are going to keep an eye out for stolen cars.")

    --
    404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
    [GPG key in journal]
  24. Wasn't this demo'd at a conference years ago? by sabbede · · Score: 1

    I remember hearing about how this was possible way back when they first started putting microphones and cameras on TV's. Is it a surprise the CIA was paying attention?