[Wikileaks] has just published the CIA’s engineering notes for Weeping Angel Samsung TV Exploit. This dump includes information for field agents on how to exploit the Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.
An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.
It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.
The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.
Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!
The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, is the CIA’s hacking arsenal.
While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and available as a torrent, detail the extent of the CIA’s hacking program.
Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs, “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records communications in the room, and sends these recordings to a CIA server. Additionally, the CIA has also developed tools to take over vehicle control systems. The purpose of such tools is speculative but could be used to send a moving car off the road.
It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.
Header image source (CC BY 2.0)
Shortwave radio is boring, right? Maybe not. You never know what intrigue and excitement you might intercept. We recently covered secret number stations, and while no one knows for sure exactly what their purpose is, it is almost surely involving cloaks and daggers. However, there’s been some more obvious espionage radio, like Radio Swan.
The swan didn’t refer to the animal, but rather an island just off of Honduras that, until 1972, was disputed between Honduras and the United States. The island got its name–reportedly–because it was used as a base for a pirate named Swan in the 17th century. This island also had a long history of use by the United States government. The Department of Agriculture used it to quarantine imported beef and a variety of government departments had weather stations there.
You might wonder why the United States claimed a tiny island so far away from its shores. It turns out, it was all about guano. The Guano Islands Act of 1856 allowed the president to designate otherwise unclaimed territory as part of the United States for the purpose of collecting guano which, in addition to being bird excrement, is also important because it contains phosphates used in fertilizer and gunpowder. (Honestly, you couldn’t make this stuff up if you tried.)
However, the most famous occupant of Swan Island was Radio Swan which broadcast on the AM radio band and shortwave. The station was owned by the Gibraltar Steamship Company with offices on Fifth Avenue in New York. Oddly, though, the company didn’t actually have any steamships. What it did have was some radio transmitters that had been used by Radio Free Europe and brought to the island by the United States Navy. Did I mention that the Gibraltar Steamship Company was actually a front for the Central Intelligence Agency (CIA)?
Continue reading “Swans, Pigs, and the CIA: An Unlikely Radio Story”
When you have a virtually unlimited budget, you can pull off some amazing things. This has become most evident recently as the CIA has been showing off some of its old tech. That dragonfly you see above is near life-size and actually flies. They hired a watch maker to build a tiny internal combustion engine to run it. That alone is pretty amazing, but this thing was actually flying in the 70’s. Upon further inspection of the wings, we actually have no idea how this sucker is supposed to fly. Despite our skeptical viewpoint, you can see a tiny clip of it flying after the break. You can also catch a video of “charlie” the robot catfish.
Continue reading “The CIA’s amazing bots”
TEMPEST is the covername used by the NSA and other agencies to talk about emissions from computing machinery that can divulge what the equipment is processing. We’ve covered a few projects in the past that specifically intercept EM radiation. TEMPEST for Eliza can transmit via AM using a CRT monitor, and just last Fall a group showed how to monitor USB keyboards remotely. Through the Freedom of Information Act, an interesting article from 1972 has been released. TEMPEST: A Signal Problem (PDF) covers the early history of how this phenomenon was discovered. Uncovered by Bell Labs in WWII, it affected a piece of encryption gear they were supplying to the military. The plaintext could be read over that air and also by monitoring spikes on the powerlines. Their new, heavily shielded and line filtered version of the device was rejected by the military who simply told commanders to monitor a 100 feet around their post to prevent eavesdropping. It’s an interesting read and also covers acoustic monitoring. This is just the US history of TEMPEST though, but from the anecdotes it sounds like their enemies were not just keeping pace but were also better informed.