So I’m a little late on this one, but you know better late than never eh? Believe it or not, politics isn’t really my area, I’m an IT guy at heart. I’m considering doing a run through all the different Vault 7 documentation and what the information actually says outside of the mainstream journalism. So if you fancy learning something, let’s get stuck in with this summary of the attack.
Weeping Angels, they gave me nightmares when I was young and here they are again to haunt me in my adult life. I’m assuming they called it that because when you turn your TV off and look away, the TV is attacking your network secretly while the screen is in some fake off mode. Creepy. You are probably dying to know what the main use of this tech actually is outside the click bait, and to be honest it’s actually kinda worse than they said. Thankfully if you don’t have a Samsung TV you can breathe a sigh of relief, kind of. The media pushed the main narrative of “The TV is listening to you” because it makes a great headline, But the truth is actually far worse… The potential attacker is capable of extracting the browser history and credentials from the TV, (That’s the TV’s browser) and can extract Wifi passwords from the TV’s hard drive for cracking later. The attacker can also potentially launch another attack from the TV called MiTM (Man in the middle) This attack is a way of monitoring traffic on your home network so maybe if they get lucky, capturing passwords and viewing images or videos you are watching on the devices on your router, the technical info on this is here. Of course the dreaded streaming of audio from your TV microphone in glorious 160 kb/s in the format .ogg which is decent enough quality I guess (Spotify typically uses 320 kb/s on extreme). I can make some speculation on what else the attacker could gain access to regarding private information, this could be credit card info, the passwords of different online accounts, and possibly once they get one password they will have most of the accounts that someone has online. This attack, if it works essentially turns your TV into this all seeing eye in your living room.
So from reading this, you are probably thinking “wow that is actually terrifying” and yeah I’d be right there with you if I had a Samsung TV in my house and could test it for myself. If you have any other form of smart TV I wouldn’t be laughing just yet because they aren’t going to be much better. The main exploit of Samsung TVs seems to partly be the way that Samsung has secured the version of the operating system (Linux) that they are currently running on the TV. Many TV manufacturers probably aren’t going to put much effort into securing a TV, and hey if Samsung, one of the biggest companies in the world isn’t, it’s likely most aren’t putting any effort into it either. Yay? can’t say that this is really blowing my mind this revelation. The document doesn’t go in depth into how they access the TV remotely but there are totally ways around this issue that I’m sure the CIA has thought of such as tricking the user into downloading malicious software to open up the target to this attack. If you want me to go more in depth comment down below or hit us up on twitter and minds I’ll hopefully be doing a mini-series on the topic to try and uncover some of the interesting information that the mainstream media didn’t go into or possibly missed.