New WikiLeaks Document Dump Suggests the Use of Smart TVs for Surveillance

The seal of the Central Intelligence

When WikiLeaks published close to 9,000 documents purportedly detailing CIA efforts to hack smart phones and other devices for covert surveillance operations Tuesday, one small part of the leak got a lot of attention: A handful of these documents suggest the CIA was looking to turn Samsung’s smart TVs into remote surveillance devices, activating integrated microphones and recording targets without their knowledge.

Samsung sent Variety the following statement following the original publication of this story: “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”

Josh Yavor wasn’t really surprised by the revelation. The director of corporate security for Duo Security held a talk at the 2013 Black Hat security conference about doing something very similar, demonstrating how Samsung’s smart TVs at the time could be remotely controlled, which included the hijacking of integrated cameras. Samsung later went on to fix that specific vulnerability.

Yavor could not authenticate the documents shared by WikiLeaks Tuesday, but told Variety that a lot of the technical details checked out. “The notes do indicate a strong understanding of the core Smart TV functionality that Samsung built on top of the underlying Linux-based operating system,” he said.

That being said, the documents shared by WikiLeaks seemed to be a bit of a work-in-progress. One of the documents remarks that malicious code had to be installed via USB drive, which would require an agent to get physical access to someone’s home in order to turn their TV into a surveillance machine. However, Yavor noted that this could also just be a first step in the development, and that a full attack may not have been available at the time of writing.

“Ongoing work likely focused on building out all of the scaffolding needed to support more advanced capabilities in the future,” he said. It’s possible that the authors of the documents later figured out a way to install malicious code over the internet, but the documents leaked on Tuesday don’t include any details about this.

It’s also worth noting that Samsung hasn’t been selling the affected TV sets for some time. The company ditched cameras for smart TVs some years ago, and has since been integrating microphones for voice control directly into TV remote controls, where they have to be activated with a special button.

All of this may not completely put consumers minds at rest, but Yavor  said Tuesday that there are some simple steps that users of smart TVs and other connected devices can take to minimize the risk of anyone spying on them. These include opting for TVs without apps altogether, regularly installing updates,  and not installing apps from unknown sources.

And then, there’s common-sense risk assessment. “Consumers should practice good operational security by considering the implications of where they install or use ‘smart’ IoT devices,” he said. “For example, installing a Smart TV that has a microphone and camera might be an acceptable risk for your living room, but not for a bedroom.”

Updated, March 8: This post was updated with a response from Samsung.

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 1

Leave a Reply

1 Comment

Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. It’s getting more and more difficult to discern the good guys from the bad guys…. and perhaps when future generations look up the word “privacy” in a dictionary just a few decades from now it might say something like “a now extinct state of being able to keep information to oneself or a select group of chosen allies”.

    Whilst it has not been confirmed yet whether these revelations are true, it does seem highly plausible. How else is the US government going to know what we are up to when we are not using our smartphones, tablets, or computers? How can they tap into what we do and say when we are disconnected from our hight tech virtual world and engaged in old fashioned human to human conversation? And where else does conversation occur but where we congregate in our homes such as in the living room, family room, or in the bedroom, or in the dinining room each which are likely to have a Smart TV or be in close proximity to one.

More Digital News from Variety