Page 79 - Cyber Warnings
P. 79
Smart TVs
Not Completely Safe
by Charles Parker, II; Cybersecurity Lab Engineer
There are few devices that are as well-known and seen virtually everywhere. These are located
throughout the bedrooms, living rooms, kitchens, and recreation rooms. In a commercial
environment, these devices are in conference rooms and hallways on the business or news
channels. In retail there may be a bank of them on a wall, all showing the same thing. As time
has passed, the technology has improved significantly. This has affected TVs. There are in the
marketplace several manufacturers producing more advanced smart TVs with connectivity. As
with any newer technology, people look to exploit any vulnerabilities. The connectivity of the IoT
devices, inclusive of the connected TVs, has provided the outlet for this.
There has been malware coded to exploit the connected TV vulnerabilities. Until recently,
Weeping Angel was previously unknown. This malware was published as part of the Vault 7
Wikileaks. This was coded to attack the connected TV. Granted, the connected aspect for the
TV makes this a prime target, this has not had the limelight on it that other attack vectors have.
A Brand New Age
The attackers are always looking for new areas within a system to manipulate. With all of the
bug bounty programs in place, this is treated as a challenge by the attackers. With this specific
sample, once the TV is infected, the malware is able to exfiltrate information and data. To
accomplish this, the malware uses the microphones is the smart TVs to monitor the noise,
speech, and other activities in the vicinity of the TV. Any person talking proximate to the TV
would be monitored and recorded, without authorization. Without this, user’s owning and being
near the smart TVs in their home and office may be spied on without their knowledge. The
target smart TVs are the Samsung manufactured models in 2012 and 2013.
Method
This malware was coded allegedly by the CIA in conjunction with the UK’s MI5/BTSS. In effect;
this malware makes the user’s TV a bug. This however requires physical access to the TV.
There has been no evidence this attack could be done remotely or due to an upgrade in the OS.
The infection method as shown has been the USB drive.
This attack tricks the user into believing the TV is off when it actually is recording the room’s
noise. This begins to work as the user turns off the TV or so they believe. The TV registers as
being turned off to the user. To ensure the user believes this, the TV’s LED lights are disabled,
much like a RAT. This is the False-Off mode. At this point the TV is still actively on and monitors
the activities near the TV. This works to record these and send them to the CIA servers via the
Wi Fi in a file format. This allegedly also was coded to seek and record user names, passwords,
and Wi Fi keys.
79 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
