CIA, MI5 hacked smart TVs to eavesdrop on private conversations

The malware, developed during a hackathon between British and American spies, turns ordinary smart TVs into listening devices.
Written by Zack Whittaker, Contributor


Buried in a trove of classified and secret CIA documents leaked earlier on Tuesday are files that show British and American spies worked closely together to hack into smart TVs.

The documents, which can't be independently verified, are part of a trove of files provided by WikiLeaks, which dropped thousands of documents said to be from the CIA's elite hacking unit, dubbed the Center for Cyber Intelligence.

Although the CIA has yet to comment, former NSA contractor turned whistleblower Edward Snowden said that the cache "looks authentic," because program and office descriptions named in the documents could only be known by a "cleared insider."

One such program, dubbed "Weeping Angel," allowed spies to turn a regular Samsung smart TV into a listening device.

The "secret" classified program, developed during a hackathon between spies at the CIA and British domestic security service MI5 in mid-2014, is said to act like a regular smart TV app, but it can record audio from its surrounding areas, such as a living room or a busy office.

According to Shodan, the search engine for internet-connected devices, there are at least 11,300 Samsung smart TVs connected to the internet.

In case you didn't know, many Samsung and other smart TVs come with an embedded microphone and camera to power their voice-recognition systems and other features.

A review of a number of documents shows how crafty the malware is: One file said the malware can suppress the TV's power functionality to make it look like the smart TV is turned off.

The so-called "Fake-Off" mode would trigger when the user uses the remote control to turn the TV off, because the malware "already hooks key presses from the remote (or TV goes to sleep) to cause the system to enter Fake-Off rather than Off," said one document.

The malware also suppresses the TV's power light to make it look as though the TV is powered down, while allowing spies to keep recording.

According to another document, the malware can also extract Wi-Fi passwords and install a root certificate to carry out man-in-the-middle attacks.

That could allow further exploitation of the network that the smart TV is connected to.

A future version of the malware appears to look into recording images and video from the smart TV (if it comes with an embedded camera) as well as live streaming of audio.

It's not the first time smart TVs have been targeted for surveillance.

Samsung's smart TVs were known to be streaming back continuous recordings as early as 2015 after security researchers found the devices were transmitting outbound data. Samsung has since updated its privacy policy to warn that personal and other sensitive information can be picked up by the TV's microphone.

Kenneth White, a security researcher and cryptographer, told The Intercept that smart TVs are a "historically pretty easy target," and that there is "zero chance" that the CIA targeted only Samsung.

Samsung did not respond to a request for comment.
