430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WikiLeaks published the user guide for the CIA Weeping Angel, the Samsung Smart TV Hacking Tool

WikiLeaks published the user guide related to the hacking tool allegedly used by the CIA, code-named Weeping Angel, to hack Samsung Smart TV. WikiLeaks has published a new document included in the Vault7 archive containing technical details about another hacking tool allegedly used by the U.S. Central Intelligence Agency (CIA). This time, the organization has […]

CIA analyst

WikiLeaks published the user guide related to the hacking tool allegedly used by the CIA, code-named Weeping Angel, to hack Samsung Smart TV.

WikiLeaks has published a new document included in the Vault7 archive containing technical details about another hacking tool allegedly used by the U.S. Central Intelligence Agency (CIA). This time, the organization has published information on a tool designed to record audio via the built-in microphone of some Samsung smart TVs.

The tool is the Weeping Angel, it was mentioned the first time Wikileaks published information related to the Vault 7. The Weeping Angel tool is a tool used by the cyber-spies to spy on targets through Samsung smart TVs.

CIA Weeping Angel

The Weeping Angel was based on “Extending,” an implant allegedly developed by the MI5, among its features, there is the ability to record audio via the built-in microphone of the devices.

“Today, April 21st 2017, WikiLeaks publishes the User Guide for CIA’s “Weeping Angel” tool – an implant designed for Samsung F Series Smart Televisions. Based on the “Extending” tool from MI5/BTSS, the implant is designed to record audio from the built-in microphone and egress or store the data.” reads the documentation released by Wikileaks. 

WikiLeaks has now released the user guide of the hacking tool that is dated February 2014. The document details the implant developed to exploit Samsung F series smart TVs as a surveillance system that can record audio from surrounding environment and either store or exfiltrate the recordings.

The installation of the Weeping Angel implant requests a physical access to the SmartTV, an attacker can infect the device by connecting a USB device.

“The EXTENDING implant can be installed using a Close Access method. The EXTENDING installer is loaded onto a USB stick. This USB stick is then inserted into the target SAMSUNG F Series TV, and the installer is run. The installer deploys the implant and Settings file onto the TV. EXTENDING begins to run when the TV is next powered on” reads the guide.

The EXTENDING implant can be uninstalled by using either a USB stick containing a certain configuration file or at a pre-configured time.

Data can be exfiltrated later exfiltrated via a USB stick or a compromised Wi-Fi hotspot.

The EXTENDING implant is also able to exfiltrates audio over a Wi-Fi hotspot, to a Live Listening Tool, running on a laptop.

It is interesting to note that developers had been planning to implement more data stealing features to spy on browser data and acquire Wi-Fi credentials.

The US intelligence agency still hasn’t confirmed or denied the authenticity of the Vault 7 files.

Last week security researchers at Symantec and Kaspersky have discovered evidence that links the tools described in the Vault 7 archive and the exploit used by a cyber espionage group named Longhorn.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Weeping Angel, CIA)

[adrotate banner=”13″]