WikiLeaks says CIA and MI5 teamed up to compromise Samsung Smart TVs with the Weeping Angel tool
The latest cache of leaks from WikiLeaks includes a catalog of tools and exploits used by the CIA for covert surveillance activities. The fresh round of leaks has been designated as “Vault 7” and has been scrubbed of sensitive, personally identifiable information by WikiLeaks themselves. Among the many tools is something known as Weeping Angel, a tool allegedly developed by the CIA with help from the British Military Intelligence agency MI5.
Once a television is compromised, Weeping Angel allows malicious actors to execute a number of remote commands that can potentially compromise the targeted individual. The televisions can be put in a fake off mode that, to all appearances, makes the target believe that the television is turned off. The tool goes as far as to manipulate the LED lights on the televisions, to fool even the thoroughly paranoid. Once in the fake off mode, the agents could continue making parts of the television work, such as using the audio to snoop in on conversations. Only a blue LED on the back of the television could not be powered off in the fake off mode. The attackers could choose the bitrate and quality of the saved audio.
To make sure that the audio is retrieved from the compromised TV, the hackers had the capability to remotely reset the timing on the device. This could mean resetting the clock to the default settings, or specifying a time and date. The capabilities were so advanced that the attackers even had noise-cancellation capabilities in the payload. The agents were working on adding capabilities to encrypt the saved audio files before transmission, clean up the audio, and even stream audio. The televisions could store a maximum of 700 MB of captured audio at any point in time. Capabilities for video capture and retrieval were not developed.
The team developing the tool was working on turning on Wi-Fi capabilities in the fake off mode. The attackers could use the tool to introduce a public-source, UNIX-based backdoor called PShell. This would allow the attackers to execute arbitrary code on the target televisions. The backdoor allowed the agents to access shell-like commands, as well as file transfer capabilities. This means that potentially, the attackers could access and retrieve sensitive documents stored in USB drives attached to the televisions.
One of the most important capabilities developed by the attackers was the ability to remotely turn off automatic updates to the Smart Televisions, circumventing any measures by Samsung to automatically fix security holes. If the user of the compromised television manually updated the firmware, there was a chance that the implant or part of the implant would be erased. The installation process for the malicious implant mimicked the workings of a regular Samsung Smart TV application.