WikiLeaks Exposes 'Weeping Angel' CIA Tool That Spies On Samsung Smart Televisions

samsung f8000
Back in early March, WikiLeaks gave the world an early glimpse into just a small sample of the hacking arsenal at the disposal of the CIA. As part of WikiLeaks’ “Vault 7” dump, we were made privy to software hacks that targeted Android- and iOS-based smartphones, Windows- and OS X-based PCs and even Samsung smart TVs.

Today, WikiLeaks released the CIA’s actual user guide for “Weeping Angel”, the exploit use to hack Samsung smart TVs. We’ve also learned that Weeping Angel is actually based on another piece of malware, “Extending”, that was developed by the British MI5 spy agency.

Weeping Angel (and Extending) are capable of tapping into a Samsung smart TV’s internal microphone, where it can then record and store sound/voice data. This in essence turned the TV’s into covert listening devices as a part of targeted surveillance operations. Weeping Angel is also sophisticated enough to collect audio information while giving the appearance that the TV is actually turned off, which makes its actions even more nefarious.

However, it should be noted that Weeping Angel is only applicable to 2013-era Samsung F-Series smart TVs. And more importantly, it had to be manually installed on a TV using a USB drive. The user guide states:

The implant is configured on a Linux PC, and then deployed onto the TV using a USB stick (after having configured it using a Linux-bases system). Audio files can then be extracted using a USB stick or setting up a Wi-Fi hotspot with-in range of the TV. It is also possible to listen to audio exfiltration live, using the Live Listen Tool, designed for use on a Windows OS.

However, given the CIA and MI5’s penchant to operating in secrecy, this was something that likely could have been pulled off with ease for an intended target.


The user guide goes into great detail on how to install/uninstall the malware, how to retrieve audio recordings and how MI5 (and by extension, the CIA) can listen in to conversations live using a Wi-Fi hotspot. The British version of the malware is called “Extending” and was only capable of being deployed on 2013-era Samsung F-Series televisions. The Live Listen Tool is compatible with Windows 7 and Windows 8 operating systems.

The original British documentation for Extending/Weeping Angel is dated February 2014, is stamped with “UK Eyes Only” and classified as Secret Strap 2. Strap 2 is the middle-tier level of sensitivity in the British intelligence agency’s STRAP System, with Strap 3 being the most sensitive.

It’s not known how successful the CIA and MI5 were at using Extending and Weeping Angel to conduct surveillance operations given the rather narrow target range of Samsung smart TVs. However, rest assured that the agencies likely have more powerful tools in their inventory that haven’t been uncovered… yet.