CIA and MI5 Allegedly Had the Capability to Use Samsung Smart TVs as Bugs ⇥ theguardian.com

Alex Hern, the Guardian:

Other zero days described in the dataset, which totals around a gigabyte of publicly released files, include one which allows the agency to turn a popular brand of smart TV into a remote bug, spying on the user. Dubbed “Weeping Angel”, after a villain in BBC TV series Doctor Who, the malware was apparently developed in conjunction with British intelligence service MI5 and could be used to take control of TVs made by Korean firm Samsung and listen to conversations while appearing to be switched off.

The vulnerability with Samsung TVs was not publicly known until the release of the WikiLeaks documents. It is not known if the zero-day attack still works or if the hole has since been fixed by a software update, but the leak suggests that at least one version of the malware was shut down by a patch: the documents warn that “Firmware version 1118 [and higher] eliminated the current USB installation method.”

A reminder that this sort of thing will become far more prevalent as regular “dumb” home devices are replaced with “smart” versions.

Not too long ago, smart device manufacturers were complaining about the security methods required to certify products for Apple’s HomeKit platform. With every breach, that position is looking decreasingly tenable. The quality of a device’s security shouldn’t depend on whether it’s trying to guard against a targeted bugging operation from an intelligence agency or leaky code in a stuffed animal — everything becomes a risk when it contains a microchip.

Update: Robert Graham of Errata Security:

The docs are clear that they can update the software running on the TV using a USB drive. There’s no evidence of them doing so remotely over the Internet. If you aren’t afraid of the CIA breaking in an installing a listening device, then you should’t be afraid of the CIA installing listening software.