Wikileaks Documents on Samsung Smart TVs Pose Risks for an Embattled Tech Giant
March 09 2017 - 07:25PM
Dow Jones News
By Timothy W. Martin and Robert McMillan
It turns out smart TVs might be smarter than consumers ever
wanted.
One concern raised by the WikiLeaks document trove published
this week, which purportedly described Central Intelligence Agency
tools for hacking dozens of gadgets, was that the agency could turn
certain Samsung Electronics Co. televisions into spying devices.
The trick: making the screen go black so the TVs appear off but are
still powered on, then recording private conversations using the
microphones built in to enable voice-activated features.
The WikiLeaks disclosures -- which the group said also reveal
the CIA's ability to exploit products of other companies, including
Apple Inc., Alphabet Inc.'s Google, and Microsoft Corp. -- have
sent a chilling message to tech giants whose connected devices are
increasingly becoming part of the home. Interconnected gadgets,
touted to consumers for their convenience, could also introduce new
ways to poach personal information.
Few firms have more at stake than Samsung, which is the world's
largest maker of smartphones, televisions and memory chips and
produces a wide range of other connected devices. The South Korean
giant is mired in scandal at home, with de facto leader Lee
Jae-yong indicted on bribery and other charges. And its mobile
division is reeling from a recall last year of the Galaxy Note 7
smartphone. Samsung's next flagship device, the Galaxy S8, is due
to launch later this month.
The risk for Samsung and other tech firms is that the leaks
could fuel consumer concerns that slow the shift toward more
connected homes. The number of connected "things" around the world,
from televisions to baby monitors to thermostats, was 3.8 billion
in 2014, according to Gartner Inc., with projections of 8.4 billion
this year and 20.4 billion by 2020.
Many of the companies involved, including Samsung, said they
believed they had already addressed many vulnerabilities with
software updates but were continuing to investigate the matter.
The CIA program that allegedly hacks Samsung smart TVs was
nicknamed "Weeping Angel," a reference to the frightening
stone-like creatures from the British Broadcasting Corp. television
series "Dr. Who" that only move when no one is looking at them. The
tool was developed in June 2014 during a joint workshop with the
CIA and British intelligence agencies, according to the WikiLeaks
documents.
A Samsung spokesman said the WikiLeaks report described
malicious software installed by "a physically connected USB drive"
and affected televisions sold in 2012 and 2013. Most of those sets
have received requisite software updates, he said.
"We continually monitor for any security risks across our Smart
TV platforms and if we find one, we promptly address it," the
spokesman said.
The leaked documents' description of the "Weeping Angel" tool
appears similar to a technique that security researchers Lee
Seung-Jin and Kim Seung-joo disclosed at a hacking conference in
2013 in a presentation to alert device makers and the general
public to these security risks.
In both cases, the technique enabled an intruder to put the
television into a "fake off" mode where the screen powered down,
but the underlying computer system remained operational as long as
the TV was still plugged in. The hackers could then covertly record
conversations and send them back to the CIA, the WikiLeaks
documents said.
It "sounds like they used our code or they invented almost the
same tech as ours," Mr. Lee said in an email.
Messrs Lee and Kim said in their presentation that by
manipulating the "firmware" installed on a device, they were able
to leave the Samsung television running even when it was switched
off by users. They programmed the system to shut off its screen and
its red LED power light to appear nonoperational. The device "looks
literally 'turned off' and the TV will be a best spy for you," Mr.
Lee said. "After that, it can monitor you through the camera and
microphone 24/7 until people pull the plug."
Samsung's voice-activated TV features faced a backlash over
privacy issues two years ago. The cause was language in the
company's smart TV privacy policy stating "if your spoken words
include personal or other sensitive information, that information
will be among the data captured and transmitted to a third
party."
Samsung said at the time that consumers had a multistep process
to opt in to voice recognition and that the software could be
deactivated at any time. The data collection provision existed to
help with internal evaluations and product improvement, the firm
said.
Some cybersecurity experts said nearly any device would be
vulnerable if an attacker could access it in person, rather than
remotely. "If you have physical access to something, you can hack
it," said Craig Young, principal security researcher at Tripwire
Inc.
Still, experts say TVs are particularly vulnerable to
cyberattacks, especially those with cameras and microphones,
because consumers don't always think to download the new versions
of software on their televisions the way they do on smartphones,
which receive frequent software and security updates.
"Perhaps we pay less attention than we should because not
everybody uses all of the functionality of a smart TV," said Atul
Prakash, an electrical engineering and computer science professor
at the University of Michigan. "It's there. But it's kind of
invisible."
Write to Timothy W. Martin at timothy.martin@wsj.com and Robert
McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
March 09, 2017 19:10 ET (00:10 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Feb 2024 to Mar 2024
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2023 to Mar 2024