Some Alleged CIA Hacking Tools—Like Apps That Turn Smart TVs into Spies—Do Exist

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

There is still a lot we don’t know regarding the WikiLeaks exposure of CIA cybersecurity documents this week. Many have suggested the documents may not be true or may have been tampered with before posting. And of course, everyone is wondering what the ramifications of such a revelation will be in terms of the CIA’s ability conduct its spycraft in the future. Some of the spying methods described in the documents may seem impossible, but I can attest that at least on that point, many of the tools described by the 8,000 documents do in fact exist.

According to what has been released so far, the CIA, through its Remote Devices Branch called UMBRAGE, maintains a library of hacking tools it has “stolen” from other groups. It goes on to explain the CIA can use the tools to compromise iOS and Android phones, and smart TVs, turning them into listening devices. It’s interesting to note the documents claim the CIA acquires these tools from others, instead of making them in-house.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

That said, in my work as a reviewer of high-end security products, I have run across many of the hacking tools described in the leaked documents. In a few cases, companies have even provided them to me so I could challenge their defenses. I keep them in an air-gapped computer network along with my virus zoo, pulling them out whenever needed for a controlled test.

Full disclosure: I have no idea if I have the same tools the CIA is allegedly using, only that they seem to do many of the same things described by the WikiLeaks documents.

Hacking smart TVs seems to be getting the most attention, though it should come as the least surprising aspect of this. Smart TVs are basically all-in-one computers, only without any of the protections found on actual dedicated computers. That is why so many smart TVs ended up being part of the Mirai botnet.

In some cases, smart TVs seem to have been designed for spying. Vizio, which is one of the most popular manufacturers, recently agreed to pay $2.2 million in fines for secretly recording what people were watching and selling that data to advertisers.

The Vizio hacking tool, which was installed on new systems and allegedly also retrofitted to older TVs connected to the internet, was fairly ingenious. It would take snapshots of several pixels on the screen and then compare that to a database of what was playing. So, blue and blue and red might mean the user was watching the "Fresh off the Boat" sitcom, while black and white and green might line up with a feature movie. It required very little data to be sent from the TV back to the company, with all the high-end big data processing occurring after the data was captured.

Back to the alleged CIA tools. The CIA is supposed to be able to turn certain smart TVs into listening devices, while making it appear like the unit is turned off. I have recently tested a tool like that with a Samsung smart TV. I am not sure if it works with other types of TVs, but the tool I have uses a variant of the Samsung Screen Mirroring, modified to both record sound and keep its presence hidden from users.

As most TVs have no security, paring the hacking tool—which I was running off a Samsung tablet—with a TV is extremely easy. Simply select the TV in range you want to target. From there, I could share my screen with the TV, but the tool reverses this so users can instead see what is on the TV.

But then it gets interesting. By entering silent operation mode, the TV screen goes dark, as if whatever input is selected has no data. It also activates the internal microphone if the TV is equipped for videoconferencing, or uses the device’s speaker system if it’s not—though the sound quality is not nearly as good in the latter case.

From another room, I could clearly hear everything going on in the one with the TV. I even deployed this against a conference room setting, and the people talking in that room had no idea someone was listening in from a nearby office.

There are a few problems with the spying app I obtained. First, the smart TV is not completely powered off. The screen is technically on, but displaying a blank, black screen. An observant person may notice the backlight is active, if anyone pays attention to things like that. Secondly, my tool only works within a short range, about 100 feet at most. That would allow it to target TVs in a nearby hotel room or apartment but you still need to be close. Finally, my spy app requires the TV not be in use because you are basically hijacking one of the remote inputs for your own purposes. If someone is watching the TV, I can’t initiate the tool without the video suddenly stopping, which would be very obvious.

It’s possible the CIA has a much better tool or toolset that eliminates some of the drawbacks of my own. Unless WikiLeaks releases the alleged tools—and I really hope it doesn't—we may never know. But I can at least confirm that everything I have seen in the documents so far is technically possible. The more unsettling question may be why the CIA, with its supposed expertise in spying, couldn’t protect its own data in the first place.