Blog: Internet Of Things
Weeping Angel. Old News?
We read with great interest the unfolding story of Wikileaks CIA data dump “Vault7”. What stood out for us was “Weeping Angel”. A piece of software that could subvert and use smart Samsung TVs as covert listening devices.
Sound familiar? It does to us:
- https://www.pentestpartners.com/blog/is-your-samsung-tv-listening-to-you/
- https://www.pentestpartners.com/blog/is-your-samsung-tv-listening-to-you-update/
- https://www.pentestpartners.com/blog/samsung-tv-voice-encryption-update-fixed-but-not-quite/
OK, our Samsung TV security research was never going to be coded into a usable app or product, but based on what we found it would be easily do-able. We did however create a covert “listening” app for Android phones, purely as a PoC for the BBC, there’s a nice video here: http://www.bbc.co.uk/news/technology-35639549.
What does the leaked info actually tell us about Weeping Angel?
After looking at the engineering notes (https://wikileaks.org/ciav7p1/cms/page_12353643.html) our first impression is that its more a collection of notes than a proper guide. It reads more like something that they’re working on, rather than a final thing:
- There seems to be no dropper indicated: there’s allusion to a USB solution, which was “fixed” in a firmware update.
- It appears to be installed as an app, so in theory they would need to gain physical access to your TV (not beyond the realms of possibility).
- It uses Wi-Fi to send audio out, the implication is that a wireless access point is set up near to talk back to (there’s a lot of talk about making this persistent).
- The source code came santised from “the UK” minus comms and encryption – this is more important to me – it implies that MI5 already had this as a solution.
Weeping Angel summarised:
So in essence (from what little information we have):
- It’s an app installed on the TV by an unknown vector – most likely in person
- It has a pseudo off mode where it looks like it is switched off and it can listen and receive audio.
- It sends the audio via wireless to a local wi-fi network, which would probably have to be set up.
- Once installed it looks like it would be a proper drop box – it could allow command execution and file transfer.