Two days ago, Wikileaks released a series of US intelligence documents containing details on the tools the CIA use to hack phones, computers, and other devices. The documents have released public concern over privacy and security, but most importantly, have sparked conversation over the CIA’s alleged latest method of spying on your private conversations: through your smart TVs.
Stories of smart TVs being able to listen in on private conversations have emerged in the past. However, whilst before public concern lay with third-party sharing or access to private information, now concern lies with security and deliberate invasion.
The idea that the largest US intelligence agency was or had developed a program allowing it to hack into devices across the world was, though disturbing, almost a given. However, the documents, which according to WikiLeaks are the “largest ever publication of confidential documents on the agency”, contain detailed technical information on how the CIA conducts said cyber operations. This is essentially a massive release of cyber technology tactics that could give anyone the knowledge necessary to hack into devices worldwide.
The CIA Samsung Smart TV Spy Project
We have all grown used to smart TVs that use voice activation or voice recognition to respond to your needs. In fact, it is hard nowadays to find one that does not have said feature in it. However, in 2016 there was a massive rise in concern derived from the voice recognition feature, and privacy at home.
Plenty of stories warned against having private conversations in front of TV’s with voice activation features. This was because when the feature is enabled, the TV set can actually “listen” to the audio around it. Smart TVs with voice recognition or activation are, reportedly, able to record conversations if a particular button is pressed on the remote control. And once the conversation is recorded, the information can be passed along.
The WikiLeak revealed how the CIA had been working on a project to spy on Samsung smart TVs. Naming it “Weeping Angel”, the project consisted of the development of a malware which runs just like a normal TV app, like youtube, or Netflix. However, unlike youtube or netflix, once Weeping Angel is installed it is able to capture audio, with plans to capture video underway.
Matthew Hickey, a security researcher and co-founder of Hacker house, explained how the app’s functions go further. Once installed it is able to recover the Wi-Fi keys used by the TV. This allows the malware to later hack the target’s Wi-Fi Network and access any usernames and passwords that may have been stored in the TV browser.
At this point, many will be considering the following; Why not just turn the Voice Recognition features off, and avoid all possibility of being recorded? According to the WikiLeak documents, the malware has a feature called “Fake Off”, which allows for audio recording to carry on even when the TV is shut down.
After reviewing the CIA notes on the project, Hickey reveal how the malware can, apparently, only infiltrate the TV via a USB key. This implies those with TVs carrying no USB install methods may be safe from the malware. Furthermore, the malware is unable to stream audio in real-time to the CIA, instead copying it as files.
Furthermore, Hickey notes that the attacks are likely to be limited, as the CIA would have to be nearby to harvest the stolen data. He also adds that simply updating your TV could kill the CIA tool, if present at all. This is due to the fact that there is no indication that the Weeping Angel malware can be used on Samsung TVs running the latest firmware above the specified 1118 version.
It is not the first time concerns over privacy have emerged from smart device use, and it is most likely not the last. However, whilst concern is understandable, the leaks are far too new to be able to provide conclusive information upon first review. Furthermore, development plans do not guarantee that operations ever went live worldwide, or even on big-scale. However, if you are concerned about your privacy, we suggest updating your TV system, and ensuring your voice recognition feature is off when the TV is not in use. Should your concern be high enough, there is always the option of returning to non smart TVs.