WikiLeaks has published what purports to be a user manual for a previously-disclosed Smart-TV hacking tool codenamed Weeping Angel, reportedly developed by the UK Security Service, MI5, and later updated by the Central Intelligence Agency (CIA).
The Weeping Angel surveillance implant was first referenced in the initial batch of leaks from "Vault 7", the most recent series of leaks from the Julian Assange-led website. It was designed back in 2014 and is used to target Samsung's F-series range of web-connected screens.
Based on the documents it was based on a British tool dubbed "Extending" designed to record and retain audio from built-in microphones that could later be extracted with a Wi-Fi hotspot.
The latest leak highlighted more information about the limitations of the implant.
Both MI5 and CIA are believed to have collaborated on the development of the malware and coordinated their work in a number of Joint Development Workshops.
The version of the tool outlined in the files only worked with televisions from 2012 and 2013. Nevertheless, it is highly advised to ensure all security updates on such devices are installed.
The 'Extending' file shows the implant is configured on a Linux PC, and then deployed onto the TV via USB. Audio files can then be extracted using USB or by setting up a Wi-Fi hotspot within range of the TV.
It is also possible, if using Windows, to listen to live audio.
It includes a "fake-off recording" ability that will continue to record sounds even while the TV appears to be turned off. "This is achieved by intercepting the command for the TV to switch off the TV screen [but] leaving the processor running," according to the user manual.
Another feature is a time-based uninstall. "Extending can be configured to automatically uninstall after a set period of time," the document said, adding: "In order to achieve this a reliable clock must be available for the implant. This means that the target TV must be connected to the internet."
One major limitation noted in the files is "lag" before the implant takes hold. "It can take up to 30 seconds from the user turning the TV on for Extending to start running. As the exploit relies on being started by the TV then there is no way to avoid this," it stated.
"A side-effect of this is that if the user turns the TV on and then off quickly and before Extending has started up, then the TV does not enter fake-off mode," it added. "The next time the TV is turned on, the implant will still start as normal, however we will have missed a period of fake-off recording."
The 'Extending' document is marked as "Secret Strap 2" and for UK eyes only. In another WikiLeaks document, from the CIA's Embedded Development Branch, US spies complained the "the version of source released to us by the UK did not include their implementation of WiFi comms".
In a statement, Samsung said: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter." Assange has said the initial batch of Vault 7 files was "less than 1%" of the total amount.
Most recently, the US Department of Justice indicated it is planning to step up plans to arrest the WikiLeaks founder. This led to instant criticism, with many commentators and journalists claiming the Trump administration could use the precedent to pursue mainstream media outlets.
You may be interested in: