How the CIA Could Eavesdrop on a Samsung TV
One device common to all modern homes is the smart TV. Apart from the WiFi connectivity specific to smart things, this gadget often comes with a built-in webcam and a microphone, for video calls or voice commands. These capabilities are what attackers want to control, for purposes ranging from sneaking inside the home network to turning the set into the proverbial fly on the wall.
WikiLeaks last week published what appears to be a user guide from early 2014 for the tool the CIA allegedly used to convert a certain Samsung Smart TV model into a first-hand listening device. Dubbed “Weeping Angel,” the tool relies on an implant called “Extending,” whose purpose is to record audio from the microphone built into the set. The data could be stored locally or delivered over WiFi to a device within range.
The implant was designed to remain fully concealed in Samsung F Series Smart TVs; one of its features is “fake-off recording,” a state that makes the device seem turned off, when in fact its processor is still running. This is done by hijacking the switch-off command, turning off just the screen, and controlling the LED that tells the owner the set’s state.
The developers behind “Extending” also added safety measures that eliminate detection risk when configured improperly by triggering a self-deletion sequence. Its handler can also define a date and time for the tool to uninstall automatically. The scheduled deletion depends on connectivity to a NTP server and, if this is not available, the tool removes itself from the host, reveals the document from WikiLeaks.
Despite the impressive capabilities of the tool, the version covered by the user guide released by WikiLeaks cannot be installed remotely and physical access to the TV is necessary to get it up and running. Proximity is also essential for retrieving the recorded data.
More recent research from security professionals, however, shatters the proximity barrier. One method was described this year by penetration tester Rafael Scheels, who used the DVB-T (digital video broadcasting – terrestrial) wireless standard to make the TV load a website of his choosing in the background.
For Scheels’ method to work, the TV needs to support the HbbTV (Hybrid Broadcast Broadband TV) technology. This is the opposite of a limitation for the attack because HbbTV functionality is present in about nine out of ten sets sold in recent years. Luckily, the DVB Steering Board moved promptly and updated the technical specification of the standard to eliminate the vulnerability.
Amihai Neiderman, another security researcher, recently disclosed more than 40 vulnerabilities in the Tizen operating system that powers tens of millions of Samsung Smart TVs and other products. One of the flaws could be exploited to deliver any type of malicious code to the device and take complete control over it.
Although these revelations about smart TV hacking may generate anxiety in average consumers, the takeaway for them is simple: such action from intelligence agencies is aimed at specific targets, and the chances of a cyber-criminal succeeding with these kinds of attacks of can be reduced with a security solution that protects all connected devices in the home network.
Image credit: PixabayIoT Samsung Smart TV Smart TV hacking