![](\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2017\/03\/AP_206501133391-1488911180-article-header.jpg\")
<\/a>Photo: Jae C. Hong\/AP<\/p><\/div>\n
Sam Biddle
\nThe Intercept<\/p>\n
IT\u2019S DIFFICULT<\/u>\u00a0to buy a new TV that doesn\u2019t come with a suite of (generally mediocre) \u201csmart\u201d software, giving your home theater some of the functions typically found in phones and tablets.\u00a0But bringing these extra features into your living room means bringing a microphone, too \u2014 a fact the CIA is exploiting, according to a new trove of documents released today by WikiLeaks.<\/p>\n
According to documents inside the cache, a CIA program named \u201cWeeping Angel\u201d <\/a>provided the agency\u2019s hackers with access to Samsung Smart TVs, allowing a television\u2019s built-in voice control microphone to be remotely enabled while keeping the appearance that the TV itself was switched off, called \u201cFake-Off mode.\u201d Although the display would be switched off, and LED indicator lights would be suppressed, the hardware inside the television would continue to operate, unbeknownst to the owner. The method, co-developed with British intelligence, required implanting a given TV with malware\u2014it\u2019s unclear if this attack could be executed remotely, but the documentation includes reference to in-person infection via a tainted USB drive. Once the malware was inside the TV, it could relay recorded audio data to a third party (presumably a server controlled by the CIA) through the included network connection<\/a>.<\/p>\n WikiLeaks said its cache<\/a> included more than 8,000 documents originating from within the CIA and came via a source, who the group did not identify, who was concerned that the agency\u2019s \u201chacking capabilities exceed its mandated powers,\u201d and who wanted to \u201cinitiate a public debate\u201d about the proliferation of cyberweapons. WikiLeaks said the documents also showed extensive hacking of smartphones, including Apple\u2019s iPhones<\/a>; a large library of allegedly serious computer attacks that were not reported to tech companies like Apple, Google, and Microsoft; malware from hacker groups and other nation-states, including, WikiLeaks said, Russia, that could be used to hide the agency\u2019s involvement in cyberattacks; and the growth of a substantial hacking division within the CIA, known as the Center for Cyber Intelligence, bringing the agency further into the sort of cyberwarfare traditionally practiced by its rival the National Security Agency.<\/p>\n The smart TV breach is just the latest example of a security problem emerging from the so-called \u201cInternet of Things,\u201d the increasingly large catalog of consumer products that include (or require)\u00a0an internet connection for contrived \u201csmart\u201d functionality. Last year, the Guardian reported<\/a> that Director of National Intelligence James Clapper told the Senate that breaching smart devices was a priority for American spies: \u201cIn the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.\u201d<\/p>\n Security and cryptography researcher Kenneth White told The Intercept that smart TVs are \u201chistorically a pretty easy target\u201d and \u201ca pretty great attack platform,\u201d given that TVs are typically located in a living room or bedroom.\u201d White added that \u201cthere is zero chance the [CIA has]\u00a0only targeted Samsung. It\u2019s just too easy to mod other embedded OSes\u201d found in the smart TVs sold by every other manufacturer.<\/p>\n This new WikiLeaks dump contains no apparent information about who exactly was targeted by Weeping Angel, or when. It\u2019s also unclear how many models of Samsung TVs were vulnerable to Weeping Angel \u2014 the CIA documents published by WikiLeaks only mention one model, the F8000 (albeit a very popular and well-reviewed model: Engadget described<\/a> it as \u201cthe best smart TV system you\u2019ll find anywhere.\u201d) After privacy concerns<\/a> about Samsung\u2019s TV voice recognition feature spread in 2015, the company released an FAQ meant to soothe worried consumers. Addressing the question of \u201cHow do I know it\u2019s listening or not?,\u201d Samsung assured users that \u201cIf the TV\u2019s voice recognition feature is turned on for a command, an icon of a microphone will appear on the screen,\u201d but \u201cif no icon appears on the screen, the voice recognition feature is off.\u201d<\/p>\n This assurance about displayed icons is of course worth nothing if the CIA has hijacked the\u00a0TV. What Samsung seems to have taken for granted was that the company, and its customers, could fully control the operation of its televisions. As the CIA\u2019s Fake-Off exploit shows, the company\u2019s assurances to consumers that a TV\u2019s voice recognition controls\u00a0would operate in a transparent manner do not hold true once spies and (potentially other hackers) get involved.<\/p>\n Samsung did not immediately return a request for comment. A CIA spokesperson replied\u00a0\u201cWe do not comment on the authenticity or content of purported intelligence documents.\u201d<\/span><\/p>\n