Few devices are as well known, or seen as widely, as the TV. They are located throughout our bedrooms, living rooms, kitchens, and recreation rooms. In a commercial environment, these devices are in conference rooms and hallways, tuned to the business or news channels. In retail, there may be a bank of them on a wall, all showing the same thing.
As time has passed, technology has improved significantly, and this rapid evolution has affected TVs. Several manufacturers now produce more advanced smart TVs with connectivity. As with any newer technology, people look to exploit any vulnerabilities. The connectivity of IoT devices, including connected TVs, has provided the outlet for this.
Malware has been coded to exploit connected TV vulnerabilities. Until recently, Weeping Angel was unknown. This malware was published as part of the WikiLeaks Vault 7 release and was coded to attack the connected TV. Although the TV’s connectivity makes it a prime target, this has not had the limelight on it that other attack vectors have.
A Brand New Age
Attackers are always looking for new areas within a system to manipulate. With all of the bug bounty programs in place, this is treated as a challenge by the attackers. With this specific sample, once the TV is infected, the malware is able to exfiltrate information and data. To accomplish this, the malware uses the microphones in the smart TVs to monitor the noise, speech, and other activities in the vicinity of the TV. Any person talking near the TV would be monitored and recorded, without authorization. Users who own or are near these smart TVs in their home or office may be spied on without their knowledge. The targeted smart TVs are Samsung models manufactured in 2012 and 2013.
This malware was allegedly coded by the CIA in conjunction with the UK’s MI5/BTSS. In effect, this malware makes the user’s TV a bug. This, however, requires physical access to the TV. There has been no evidence this attack could be done remotely or through an OS upgrade. The infection method shown has been a USB drive.
This attack tricks the user into believing the TV is off when it is actually recording the room’s noise. It begins when the user turns off the TV, or so they believe. The TV registers as being turned off to the user. To ensure the user believes this, the TV’s LED lights are disabled, much like a RAT. This is the False-Off mode. At this point the TV is still actively on and monitors the activities near the TV. It records these and sends them to the CIA servers via Wi-Fi in a file format. This allegedly also was coded to seek and record user names, passwords, and Wi-Fi keys. There presently is one limitation due to the TV’s hardware: video of the room is not available.
The average person would likely not be a target. The CIA breaking into your house, plugging the USB stick into the smart TV, and egressing without being noted would not be a statistically significant event. Then again, it is not probable the CIA would have a person standing in the supply chain, installing this on TVs or a random sample of these.
If the user has an affected TV, the user certainly wants to remediate this in some form. Without doing so, the user would only continue to allow the monitoring. The user has a few options to fix this issue. The user may update the firmware over the air (OTA). If possible, the TV may receive v.118, which removes the issue. Unfortunately, this may not be sufficient if the CIA applied the “prevent updates” version, which would keep the update from being applied.
The only sure way is to have the TV reset to the factory-set firmware. This appears to be an easy enough task; however, resetting the TV to the factory setting takes a bit of work and is not an easy task.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.