Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

[Wikileaks] has just published the CIA’s engineering notes for Weeping Angel Samsung TV Exploit. This dump includes information for field agents on how to exploit the Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!

Low-cost Video Streaming with a Webcam and Raspberry Pi

Some people will tell you that YouTube has become a vast wasteland of entertainment like the boob tube before it. Live streaming doesn’t help the situation much, and this entry level webcam live-stream server isn’t poised to advance the art.

We jest, but only a little. [Mike Haldas] runs a video surveillance company that sells all manner of web-enabled cameras and wondered what it would take to get a low-end camera set up for live streaming. The first step was converting the Zavio webcam stream from RTSP (real-time streaming protocol) to the standard that YouTube uses, RTMP (real-time messaging protocol). Luckily, FFmpeg handles that conversion, so he compiled it for his MacBook Pro and set up a proof of concept. It worked, but he needed a compact solution that would free up his laptop. Raspberry Pi to the rescue – after loading a bunch of libraries and a four-hour build and install of FFmpeg, the webcam was streaming 1080p video of [Mike]’s sales office. He was worried that the Pi wouldn’t have the power needed for the job, and that it would be unstable. But as of this writing, the stream below has been active for six days, and it’s riveting stuff.

Raspberry Pis are a staple in the audio streaming world, like this pro-grade FM broadcast streaming rack or this minuscule internet radio streamer. And of course there’s this quick and dirty, warm and fuzzy streaming baby monitor.

Continue reading “Low-cost Video Streaming with a Webcam and Raspberry Pi”

NSA Technology Goes Open Hardware

When [Edward Snowden] smeared the internet with classified NSA documents, it brought to light the many spying capabilities our government has at its disposal. One the most interesting of these documents is known as the ANT catalog. This 50 page catalog, now available to the public, reads like a mail order form where agents can simply select the technology they want and order it. One of these technologies is called the Sparrow II, and a group of hackers at Hyperion Bristol has attempted to create their own version.

The Sparrow II is an aerial surveillance platform designed to map and catalog WiFi access points. Think wardriving from a UAV. Now, if you were an NSA agent, you could just order yourself one of these nifty devices from the ANT catalog for a measly 6 grand.  However, if you’re like most of us, you can use the guidance from Hyperion Bristol to make your own.

They start off with a Raspi, a run-of-the-mill USB WiFi adapter, a Ublox GY-NEO6MV2 GPS Module, and a 1200 mAh battery to power it all. Be sure to check out the link for full details.

Thanks to [Joe] for the tip!

Hacking and Philosophy: Surveillance State

hnpss

If you don’t live under a rock (though you may want to now) you probably saw yesterday’s article from Spiegel that revealed the NSA has its own catalog for spy gadgets. Today they released an interactive graphic with the catalog’s contents, and even if you’re not a regular reader of Hacking & Philosophy, you’re going to want to take a look at it. I recommend glancing over IRATEMONK, in the “Computer Hardware” category. As the article explains, IRATEMONK is

An implant hidden in the firmware of hard drives from manufacturers including Western Digital, Seagate, Maxtor and Samsung that replaces the Master Boot Record (MBR).

It isn’t clear whether the manufacturers are complicit in implanting IRATEMONK in their hardware, or if the NSA has just developed it to work with those drives. Either way, it raises an important question: how do we know we can trust the hardware? The short answer is that we can’t. According to the text accompanying the graphic, the NSA

…[installs] hardware units on a targeted computer by, for example, intercepting the device when it’s first being delivered to its intended recipient, a process the NSA calls ‘interdiction.’

We’re interested to hear your responses to this: is the situation as bleak as it seems? How do you build a system that you know you can trust? Are there any alternatives that better guarantee you aren’t being spied on? Read on for more.

Continue reading “Hacking and Philosophy: Surveillance State”

Man tracks children using a quadcopter

child-tracking-quadcopter

Instead of walking his kid to the bus stop like he used to, [Paul Wallich] lets this quadcopter watch his son so he doesn’t have to. It is quite literally an automated system for tracking children — how wild is that?

The idea came to him when wishing there was a way to stay inside the house during the winter months while still making sure his kid got to the bus stop okay. [Paul] picked up a quadcopter kit and started looking at ways to add monitoring. He found the easiest technique was to include a cellphone and watch via a video chat app. But that is only part of the build as he would still have to fly the thing. After searching around he found a beacon that can be placed in the backpack. It has a GPS module, an RF modem, and runs a stripped down Python scripting shell. Whenever the GPS data changes (signaling his son is on the move) it uplinks with the quadcopter and gives it the new coordinates.

This goes a long way to making your family a police state. May we also recommend forcing the children to punch a time clock?

[via: theGrue]

Hackaday Links: August 12, 2012

License plate tablet rack

[Hunter Davis] used an old license plate as a tablet stand. It loops around the leg of his laptop table and has a cutout for the power cord of the tablet.

More power power wheels

It may look stock, but this power wheels is hiding a new frame, motors, and tires. You won’t see it in the Power Wheels Racing Series, but it is a ton of fun for this lucky kid.

Surveillance camera chess

Want to play a game? A yellow briefcase hijacks surveillance camera feeds and lets those monitoring them play chess via text message.

ATX bench supply looks like a bench supply

Here’s another rendition of an ATX bench supply. [Ast] rolled in a voltmeter for the variable voltage plug, and an ammeter to finish off the hack.

Lync auto-responder to fool the bossman

In a move reminiscent of [Ferris Bueller], [Sepehr] coded a Lync auto responder to answer the boss when he sends an IM.

OK, you might not be paranoid – perhaps that priority mail box IS spying on you

rc-box-bot

[Thomas Renck] recently picked up a 1000mW wireless video transmitter that he ultimately planned to mount in an RC plane. Before he strapped it on a plane to potentially kiss it goodbye for good, he wanted to play with it a while to see what it was capable of.

After a friend helped him determine the camera’s maximum range (about 1900 feet on open ground), he thought it would be fun to strap it on his nitro R/C truck. That didn’t work out so well due to some vibration issues, so he constructed a makeshift R/C car from the shipping box the camera arrived in, along with some other odds and ends.

As you can see in the video below, the propeller-driven “Boxmobile” zips along quite nicely. The video feed from the camera is pretty impressive too, allowing him to easily guide the car while it’s well out of sight.

At nearly $350, the self-proclaimed “ghetto-bot” is certainly not cheap, though we hear body repairs are a piece of cake!

Continue reading “OK, you might not be paranoid – perhaps that priority mail box IS spying on you”