Tuesday, March 7, 2017
How the CIA Can Hack Your Phone, PC, and TV (Says WikiLeaks)
While the leak doesn’t detail the CIA’s attack techniques for desktop software like Windows and MacOS as explicitly, it does reference a “framework” for Windows attacks that seems to act as a kind of easy interface for hacking desktop machines, with “libraries” of vulnerabilities that attackers can swap in and out. It lists attacks that bypass and even exploit a long list of antivirus software to gain access to target desktop machines. And for MacOS, the document references an attack on computers’ BIOS, the software that boots before the rest of the operating system. Compromising that can lead to a particularly dangerous and deep-rooted malware infection.
“This is something we already know that can be done, but we haven’t seen it in the wild,” says Alfredo Ortega, a researcher for security firm Avast. “And by a government, no less.”
The most surprising and detailed hack described in the CIA leak, however, targets neither smartphones nor PCs, but televisions. A program called Weeping Angel details work in 2014 to turn Samsung’s smart TVs into stealthy listening devices. The research notes include references to a “Fake Off” mode that disables the television’s LEDs to make it look convincingly powered down while still capturing audio. Under a “to-do” list of potential future work, it lists capturing video, too, as well as using the television’s Wi-Fi capability in that Fake Off mode, potentially to transmit captured eavesdropping files to a remote hacker.