WikiLeaks Exposes 'Weeping Angel' CIA Tool That Spies On Samsung Smart Televisions

by Brandon Hill — Saturday, April 22, 2017, 02:06 PM EDT

Back in early March, WikiLeaks gave the world an early glimpse into just a small sample of the hacking arsenal at the disposal of the CIA. As part of WikiLeaks’ “Vault 7” dump, we were made privy to software hacks that targeted Android- and iOS-based smartphones, Windows- and OS X-based PCs and even Samsung smart TVs.

Today, WikiLeaks released the CIA’s actual user guide for “Weeping Angel”, the exploit use to hack Samsung smart TVs. We’ve also learned that Weeping Angel is actually based on another piece of malware, “Extending”, that was developed by the British MI5 spy agency.

Weeping Angel (and Extending) are capable of tapping into a Samsung smart TV’s internal microphone, where it can then record and store sound/voice data. This in essence turned the TV’s into covert listening devices as a part of targeted surveillance operations. Weeping Angel is also sophisticated enough to collect audio information while giving the appearance that the TV is actually turned off, which makes its actions even more nefarious.

However, it should be noted that Weeping Angel is only applicable to 2013-era Samsung F-Series smart TVs. And more importantly, it had to be manually installed on a TV using a USB drive. The user guide states:

The implant is configured on a Linux PC, and then deployed onto the TV using a USB stick (after having configured it using a Linux-bases system). Audio files can then be extracted using a USB stick or setting up a Wi-Fi hotspot with-in range of the TV. It is also possible to listen to audio exfiltration live, using the Live Listen Tool, designed for use on a Windows OS.

However, given the CIA and MI5’s penchant to operating in secrecy, this was something that likely could have been pulled off with ease for an intended target.

The user guide goes into great detail on how to install/uninstall the malware, how to retrieve audio recordings and how MI5 (and by extension, the CIA) can listen in to conversations live using a Wi-Fi hotspot. The British version of the malware is called “Extending” and was only capable of being deployed on 2013-era Samsung F-Series televisions. The Live Listen Tool is compatible with Windows 7 and Windows 8 operating systems.

The original British documentation for Extending/Weeping Angel is dated February 2014, is stamped with “UK Eyes Only” and classified as Secret Strap 2. Strap 2 is the middle-tier level of sensitivity in the British intelligence agency’s STRAP System, with Strap 3 being the most sensitive.

It’s not known how successful the CIA and MI5 were at using Extending and Weeping Angel to conduct surveillance operations given the rather narrow target range of Samsung smart TVs. However, rest assured that the agencies likely have more powerful tools in their inventory that haven’t been uncovered… yet.

Tags: Samsung, Wikileaks, smart tv, CIA, weeping angel, extending, mi5

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.

Which New GPU Is For You?

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now