And now, of course, no
discussion of security of late
would be complete without
mention of our own CIA,
or Central Intelligence Agency.
Indeed, it was recently
revealed by Wikileaks.org
that the CIA has been taking advantage
for some time of bugs in software
in order to wage attacks
against owners of the hardware
running that software, including popular
devices like Android phones, iPhones,
TVs, and more.
And in Vault 7 in particular did
Wikileaks reveal the CIA hacking tools.
Specifically referring to
such initiatives by the CIA,
seemingly adorable initiatives like,
Wrecking Crew, Crunchy Lime Skies,
Elder Piggy, Anger Quake, or McNugget,
which indeed sound delightful.
But when you actually read about what
these code names mean they actually
refer to a systematic process
for identifying bugs in software,
and therefore, potential
exploits, writing
software that take advantage of
those bugs, so as, to effectively,
hack into people's
software and/or hardware.
And potentially affected are familiar
tools like Skype, our own WiFi
networks, PDFs, anti-virus software.
In addition to popular devices
like the very phones in our pocket.
But, all too close to
home, frankly was the fact
that Samsung TVs seem to be
the result, or the victim,
of some of these very exploits.
In fact, adorably, Weeping
Angel was the code name
for a project that
took advantage of bugs
in Samsung TV'S own software,
Smart TVs software, in order
to turn on, without
customers, apparently knowing,
those devices microphones so that
you could theoretically listen in
on conversations, and even
record them, even while giving
the appearance that the TV is off.
So the user thinks the TV is
off, and he or she is talking.
But meanwhile, that TV
is actually listening.
Now, you may recall it
wasn't all that long ago
that the CS50 itself blew the lid off of
another problem with Samsung Smart TVs,
whereby at the time, though
they claimed and thought
they were actually encrypting such
data, because these microphones are
present so that you can talk to your
TV, and issue VoiceBase commands,
will recall that data was
not actually being encrypted.
Now, what is a Smart
TV in the first place?
Well, at the end of the day, our
TVs are no longer just televisions.
They are actually full fledged computers
with hardware and software within.
And indeed, if you have such
a Smart TV, whether it's
Samsung, or something else, you may very
well have icons like these on your TV,
much like a tablet, or a phone.
And that's because you can
install software on TVs today.
But if you can install software
you can surely install accidentally
buggy software, or unknowingly
exploitative software,
that's actually doing something
it's not supposed to do.
But even scarier is when our hardware
has things like these things here.
Cameras and microphones
that are supposed
to be used for good and not evil.
As this man here is talking
to his TV and using Skype
by talking into his remote control.
That in fact is meant to be a feature.
But when these things can be
turned on without our control,
and when they can be turned on
even when we think they are off,
therein lies the threat and the scare.
Now, how do you know if you are
among those that were affected?
And indeed, if you are suspicious
that the CIA is spying on you,
how can you confirm as much?
Well, if your Samsung TV was
manufactured in 2011 or 2012
this particular attack is germane.
However, to be fair, the attack requires
that the CIA tiptoe into your home,
presumably, plug-in a USB
stick with the software,
in order to take advantage of this bug.
But if that too is a threat,
consider that the software
your smart TV must be running
for this attack to work
is either version 1011, 1012, 1016.
And there have been
newer versions since.
But the biggest help, perhaps, is
if when you think your TV is off you
actually still see a blue
LED light on in the back.
It might actually be listening,
and god forbid, watching you.
For more on this particular attack and
others, you can take a look at this URL
here.
That's it.
For CS50 Live, thank you so much to
CS50's own Ian, and Andrew, Marinda,
Ramone, Skulli, Dan, Arturo, Christian,
and of course, CS50's own, Doug Lloyd.
This was CS50.
