WikiLeaks reveals that both British and American intelligence agencies used an implant on Samsung TVs to secretly listen-in on user conversations.

Using MI5’s EXTENDING Tool, American counterparts at the CIA developed the listening implant tool code-named “Weeping Angel” to record audio on Samsung F Series Smart Televisions, according to the latest Vault 7 dump by WikiLeaks.

“Based on the ‘Extending’ tool from MI5/BTSS, the [Weeping Angel] implant is designed to record audio from the built-in microphone and egress or store the data,” the intro reads.

According the EXTENDING Tool user’s guide, the implant is installed using a USB stick inserted into the TV, and it could be configured to setup a WiFi hotspot through which the intelligence agencies could spy directly on live conversations.

“The implant is configured on a Linux PC, and then deployed onto the TV using a USB stick. Audio files can then be extracted using a USB stick or setting up a Wi-Fi hotspot with-in range of the TV. It is also possible to listen to audio exfiltration live, using the Live Listen Tool, designed for use on a Windows OS.”

Regarding the WiFi hotspot, which is required for Remote Access Audio Retrieval and Live Audio Exfiltrating, the user’s guide explains, “To exfiltrate files over a Wi-Fi hotspot, the hotspot must be setup within range of the TV with a preconfigured SSID, set in the config file. Files are then exfiltrated over this Wi-Fi network to a server as configured in the configuration file.”

Even when the TV is off, the CIA and MI5 still can record audio using the aptly-named “Fake-off” recording feature.

“EXTENDING will continue to record audio, even whilst the TV appears to be off. This is achieved by intercepting the command for the TV to switch-off and turning off the TV screen, leaving the processor running.”

In what appears to be a perverted form of British charm, the guide is ever-so polite in saying, “Please ensure the unencrypted settings file, encryptSettings tool and rsakeygen tool are always stored securely.”

The walkthrough of the implant’s installation in the user’s guide even gives a friendly reminder to hackers to clear the TV’s history after installing the ultra-secretive, privacy-stealing, attack apparatus on individuals’ rights.

Source : This article was published sociable.co By TIM HINCHLIFFE

Categorized in News & Politics

THE NSA, IT seems, isn’t the only American spy agency hacking the world. Judging by a new, nearly 9,000-page trove of secrets from WikiLeaks, the CIA has developed its own surprisingly wide array of intrusion tools, too.

On Tuesday morning, WikiLeaks released what it’s calling Vault 7, an unprecedented collection of internal CIA files—what appear to be a kind of web-based Wiki—that catalog the agency’s apparent hacking techniques. And while the hoards of security researchers poring through the documents have yet to find any actual code among its spilled secrets, it details surprising capabilities, from dozens of exploits targeting Android and iOS to advanced PC-compromise techniques and detailed attempts to hack Samsung smart TVs, turning them into silent listening devices.

“It certainly seems that in the CIA toolkit there were more zero-day exploits than we’d estimated,” says Jason Healey, a director at the Atlantic Council think tank, who has focused on tracking how many of those “zero-days”—undisclosed, unpatched hacking techniques—the US government has stockpiled. Healey says that he had previously estimated American government agencies might have held onto less than a hundred of those secret exploits. “It looks like CIA might have that number just by itself.”

Mobile Targets

The leak hints at hacking capabilities that range from routers and desktop operating systems to internet-of-things devices, including one passing reference to research on hacking cars. But it seems to most thoroughly detail the CIA’s work to penetrate smartphones: One chart describes more than 25 Android hacking techniques, while another shows 14 iOS attacks.

Given the CIA’s counterterrorism work—and the ability of a phone exploit to keep tabs on a target’s location—that focus on mobile makes sense, Healey says. “If you’re going to be trying to figure where Bin Laden is, mobile phones are going to be more important.”

The smartphone exploits listed, it’s important to note, are largely old. Researchers date the leak to sometime between late 2015 and early 2016, suggesting that many of the hacking techniques that may have once been zero days are now likely patched. The leak makes no mention of iOS 10, for instance. Google and Apple have yet to weigh in on the leak and whether it points to vulnerabilities that still persist in their mobile operating systems. Android security researcher John Sawyer says he has combed the Android attacks for new vulnerabilities and found “nothing that’s scary.”

He also notes, though, that the leak still hints at CIA hacking tools that have no doubt continued to evolve in the years since. “I’m quite sure they have far newer capabilities than what’s listed,” Sawyer says.

Targeting Android, for instance, the leak references eight remote-access exploits—meaning they require no physical contact with the device—including two that target Samsung Galaxy and Nexus phones and Samsung Tab tablets. Those attacks would offer hackers an initial foothold on target devices: In three cases, the exploit descriptions reference browsers like Chrome, Opera, and Samsung’s own mobile browser, suggesting that they could be launched from maliciously crafted or infected web pages. Another 15 tools are marked “priv,” suggesting they’re “privilege escalation” attacks that expand a hacker’s access from that initial foothold to gain deeper access, in many cases the “root” privileges that suggest total control of the device. That means access to any onboard files but also the microphone, camera, and more.

The iOS vulnerabilities offer more piecemeal components of a hacker tool. While one exploit offers a remote compromise of a target iPhone, the WikiLeaks documents describe the others as techniques to defeat individual layers of the iPhone’s defense. That includes the sandbox that limits applications’ access to the operating system and the security feature that randomizes where a program runs in memory to make it harder to corrupt adjacent software.

“Definitely with these exploits chained together [the CIA] could take full control of an iPhone,” says Marcello Salvati, a researcher and penetration tester at security firm Coalfire. “This is the first public evidence that’s the case.”

The leak sheds some limited light on the CIA’s sources of those exploits, too. While some of the attacks are attributed to public releases by iOS researchers, and the Chinese hacker Pangu, who has developed techniques to jailbreak the iPhone to allow the installation of unauthorized apps, others are attributed to partner agencies or contractors under codenames. The remote iOS exploit is listed as “Purchased by NSA” and “Shared with CIA.” The CIA apparently purchased two other iOS tools from a contractor listed as “Baitshop,” while the Android tools are attributed to sellers codenamed Fangtooth and Anglerfish.

In a tweet, NSA leaker Edward Snowden pointed to those references as “the first public evidence [the US government] is paying to keep US software unsafe.”

Internet of Spies

While the leak doesn’t detail the CIA’s attack techniques for desktop software like Windows and MacOS as explicitly, it does reference a “framework” for Windows attacks that seems to act as a kind of easy interface for hacking desktop machines, with “libraries” of vulnerabilities that attackers can swap in and out. It lists attacks that bypass and even exploit a long list of antivirus software to gain access to target desktop machines. And for MacOS, the document references an attack on computers’ BIOS, the software that boots before the rest of the operating system. Compromising that can lead to a particularly dangerous and deep-rooted malware infection.

“This is something we already know that can be done, but we haven’t seen it in the wild,” says Alfredo Ortega, a researcher for security firm Avast. “And by a government, no less.”

The most surprising and detailed hack described in the CIA leak, however, targets neither smartphones nor PCs, but televisions. A program called Weeping Angel details work in 2014 to turn Samsung’s smart TVs into stealthy listening devices. The research notes include references to a “Fake Off” mode that disables the television’s LEDs to make it look convincingly powered down while still capturing audio. Under a “to-do” list of potential future work, it lists capturing video, too, as well as using the television’s Wi-Fi capability in that Fake Off mode, potentially to transmit captured eavesdropping files to a remote hacker.

A tool called TinyShell appears to allow the CIA hackers full remote control of an infected television, including the ability to run code and offload files, says Matt Suiche, a security researcher and founder of the UAE-based security firm Comae Technologies. “I would assume that, by now, they would definitely have exploits for Samsung TVs,” Suiche says. “This shows that they’re interested. If you’re doing the research, you’re going to find vulnerabilities.” Samsung did not respond to WIRED’s request for comment.

The fact that the CIA mixes this sort of digital espionage with its more traditional human intelligence shouldn’t come as a surprise, says the Atlantic Council’s Healey. But he says the sheer volume of the CIA’s hacking capabilities described in the WikiLeaks release took him aback nonetheless. And that volume calls into question supposed limitations on the US government’s use of zero-day exploits, like the so-called Vulnerabilities Equities Process—a White House initiative created under President Obama to ensure that security vulnerabilities found by US agencies were disclosed and patched, where possible.

If Vault 7 is any indication, that initiative has taken a back seat to assembling a formidable array of hacking tools. “If the CIA has this many,” Healey says, “we would expect the NSA to have several times more.”

This article was  published in wired.com by ANDY GREENBERG

Categorized in Internet Privacy
Amidst WikiLeaks’ revelations about the CIA’s capabilities to hack into Apple products is DarkSeaSkies – a tool used to monitor and control MacBook Air that’s physically installed by a CIA agent or asset in “less than 29 seconds.”
 
 Screwdriver’DarkSeaSkies is a tool that runs in the background of a MacBook Air to allow the CIA command and control laptops. It is delivered via “supply chain intercept or a gift to the target.”It’s loaded onto a MacBook via booting through a thumb drive. The CIA’s user document explains: “It is assumed that an operator or asset has one-time physical access to the target system and can boot the target system to an external flash drive.”A 2009 “user requirements” document on DarkSeaSkies explains it was created to allow the CIA to access a MacBook Air.
 
 
The CIA’s COG [Computer Operations Group] had a “time-sensitive operational need” to install the Nightskies tool onto a MacBook Air, as the CIA had an “opportunity to gift a MacBook Air to a target that will be implanted with this tool.” It’s unknown who this target was.
 
 
View image on Twitter

DarkSeaSkies Components

DarkSeaSkies is actually made up of three components, Dark Matter, SeaPea and NightSkies.DarkMatter is installed in a computer’s kernal-space (core of computer’s operating system, usually in protected area of memory). It then installs the other two components of the tool, SeaPea and NightSkies.SeaPea is installed in the kernal and executes and hides NightSkies, which is implanted in the user the space (computer’s memory area that deals with apps and software).“All files, network connections, and processes associated with the NightSkies beacon are hidden by the SeaPea root-kit,” the document reads.NightSkies is the beaconing tool used to monitor and send information from the phone to a Listening Post (LP), which collects the incoming data.
 
 
Physical access is required to install DarkSeaSkies and the target must have “at minimum occasional internet access” to communicate with a CIA LP. If it’s unable to communicate with a LP, it will eventually delete itself from the system.The good news is, at least back in 2009, DarkSeaSkies would not persist in the event of a firmware update, according to the CIA’s documents.A document dealing with test procedures for DarkSeaSkies references a “MacBook Air out of the box” and explains how to install DarkSeaSkies, “run through the wizard to setup the MacBook for the first time. While you’re going through the setup you need to ensure that you set the clock to the current date and time. Disable the wireless card and the Bluetooth card.”Under “observations,” it’s noted that the tool can be installed in “less than 29 seconds.”“It takes roughly 23 seconds to get to where you can choose the thumb drive as the boot device and 6 seconds for the tool to install and power off the machine,” the document reads.
Source : rt.com
Categorized in Internet Privacy

Leak suggests CIA malware systems have targeted iPhones, Android systems, Microsoft software and Samsung smart TVs.

The CIA can turn your TV into a listening device, bypass popular encryption apps, and possibly control your car, according to thousands of documents published by WikiLeaks, an anti-surveillance group.

The group posted nearly 9,000 documents on Tuesday it said were leaked from the Central Intelligence Agency, in what it described as the largest-ever publication of secret intelligence materials.

It said the trove of documents "appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive".

Jonathan Liu, a spokesman for the CIA, said: "We do not comment on the authenticity or content of purported intelligence documents."

Experts who have started to sift through the material said that it appeared legitimate.

The leak, named "Vault 7" by WikiLeaks, claims the CIA developed a malware to infect mobile phones to allow easier surveillance - but lost control of the technology. If the CIA really lost control of the technology, hackers worldwide could use the tools to steal data.

Edward McAndrew, a lawyer with a speciality in cyber security, said the security breach is a major concern for the CIA because its technology could already be in the wrong hands

"What we're hearing from WikiLeaks and others is that pieces of the toolkit are now outside of Langley [the CIA's Virginia headquarters]," he told Al Jazeera.

"If that's true, once these tools are introduced into the wild of the internet, they cannot be reclaimed. We'll then see a race between those who would use these tools to exploit others and those trying to close all these vulnerabilities that have now come to light." 

The actual hacking tools were not part of the WikiLeaks trove.

WikiLeaks said it planned to avoid distributing tools "until a consensus emerges" on the political nature of the CIA's programme and how such software could be analysed, disarmed and published.

Malware systems

WikiLeaks said the documents show the CIA has produced more than 1,000 malware systems - viruses, trojans, and other software that can infiltrate and take control of target electronics.

These hacking tools have targeted iPhones, Android systems such as the kind of personal phone reportedly still used by President Donald Trump, popular Microsoft software and Samsung smart TVs, which can be transformed into covert microphones, according to WikiLeaks.

The agency has also examined hacking into the electronic control systems on cars and trucks, potentially enabling it to control them.

By infecting smartphones, WikiLeaks said, the CIA can get around the encryption technologies of popular apps such as WhatsApp, Signal, Telegram, Weibo, and Confide by collecting communications before they are encrypted.

Matthew Green, professor of computer science, told Al Jazeera that "ordinary people" should not have to worry about the revelations.

"What I would perhaps worry about is that some of this might get into the hands of very sophisticated criminal organisations or foreign governments and be used in a very targeted way against activists or human rights workers," he said.

Source : aljazeera.com

 

Categorized in News & Politics

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now