WikiLeaks says CIA hacked Samsung smart TVs

Last Updated Mar 8, 2017 11:12 AM EST

WikiLeaks says Samsung smart TVs were hacked to enable spying on consumers. 

In a trove of documents released Tuesday, WikiLeaks included code that it says shows the CIA worked with U.K. intelligence officials to turn microphones in TVs into listening devices.

Samsung smart TVs have microphones so viewers can make voice commands, such as requests for movie recommendations. The commands typically aren’t transmitted outside the home unless users activate the feature. If the TV is off, there’s no listening being done.

But WikiLeaks claims that documents it obtained show that through a program called Weeping Angel, the target TV appears to be off when it is actually on -- and listening.

WikiLeaks says the audio goes to a covert CIA server rather than a party authorized by Samsung. In such cases, audio isn’t limited to TV commands but could include everyday conversations.

The totality of the information, code-named “Vault7,” included more than 8,700 documents and files. WikiLeaks, in a press release announcing the documents, said the CIA “lost control” of its vast array of hacking and spying tools. “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” WikiLeaks said.

In an unusual move, WikiLeaks said it was withholding some secrets inside the documents. Among them, it said it had withheld details of tens of thousands of “CIA targets and attack machines throughout Latin America, Europe and the United States.”

Other tools in the CIA’s arsenal target PCs running Microsoft’s Windows system, according to WikiLeaks, which says many of the attacks are in the form of viruses designed to spread through CDs and USB drives.
       
WikiLeaks also says the CIA was also targeting control systems used by cars and trucks. Although WikiLeaks didn’t have details on how that might be used, it said the capability might allow the CIA to “engage in nearly undetectable assassinations.”

The authenticity of the documents published by Wikileaks has yet to be confirmed. In a statement to CBS News, CIA spokesman Jonathan Liu said, “We do not comment on the authenticity or content of purported intelligence documents.”

Jake Williams of security firm Rendition Infosec said the extensive references to operation security in the documents released by Wikileaks suggest they came from a government source. “I can’t fathom anyone fabricated that amount of operational security concern,” he said. “It rings true to me.”

Microsoft said it was aware of the reports and was looking into them. Apple and Google didn’t immediately respond to requests for comment. In a statement, General Motors said it would be premature to comment on the documents, including their authenticity. But GM added that it knew of no injuries or death resulting from the hacking of a vehicle.

Samsung issued a statement saying, “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”