Published CIA User Guide for Samsung TV remote tapping

Published on April 24, 2017

Published CIA User Guide for Samsung TV remote tapping


    The representative of the predatory race of crying angels

    Fans of the science fiction series Doctor Who perfectly remember the alien race of predators Weeping Angels. These are the characters of the episode "Don't Blink" - the tenth episode of the third season (2007) and one of the best episodes in the history of "Doctor Who".

    From the perspective of an outside observer, the angels look like stone statues, whose eyes are often covered with their palms. But if you blink, looking at Angel, you will immediately notice an elusive change in the position of the statue - it seems to have become closer. And God forbid, a long look away.



    If you look away, the crying angel comes close. The fact is that these aliens move only when no one is looking at them, even if they just blink. In a sense, they resemble the character of the Greek myths, the Gorgon Medusa, which made everyone who looks at her look petrified. Only here does this principle work the other way around.


    Gorgon Medusa, one of the three Gorgon sisters (picture of Caravaggio). According to legend, it was a girl with beautiful hair, but the god Poseidon captured her in the temple of Athena, where an innocent beauty was trying to hide from the pursuit of God. In retaliation for the blasphemy in her temple, Athena turned her hair into hydra

    Greek mythology and modern science fiction are surprisingly combined in the depths of the secret laboratories of the CIA and MI5, where software is developed for the needs of foreign intelligence. The CIA programmers adoring modern pop culture , of course, watched "Doctor Who," and that series with Weeping Angels. That is why they gave such a name to a tab for Samsung TVs. TVs that watch the audience - these are such little Weeping Angels, crying angels, try to just blink or blurt out too much.

    On March 7, 2017, the Wikileaks website began publishing the Vault collection of 7 secret documents from the Central Intelligence Agency. The first part of the Year Zero collection contains 8761 files., including a list of various malware, viruses, trojans, dozens of 0day exploits and payloads for them, remote control systems and relevant documentation.

    In the published compilation there was documentation on the Weeping Angel tab for Samsung TVs with built-in microphones and voice recognition (voice control) enabled. This malware was created by the CIA’s Embedded Development Branch (EDB) development unit in conjunction with the British intelligence agency MI5 / BTSS. The program adds to the TV mode 'Fake-Off', when the TV looks off, but at the same time records conversations in the room and sends them to the CIA web server.

    April 21, 2017 Wikileaks publishednew information on the Weeping Angel tab - a detailed user guide for CIA agents . The document is dated February 28, 2014 ( pdf ). In technical documentation, the tool is called EXTENDING. According to Wikileaks, this is the original version of the bookmark, created in British intelligence MI5 / BTSS and improved by the CIA. Colleagues from the UK and the USA coordinated their work on this tool and shared their experiences, organizing Joint Development Workshops - joint development workshops.

    Three dozen pages of the user's manual contain the following:

    • key bookmark functions EXTENDING;
    • malware configuration: the package includes an Ubuntu 12.10 ISO image to create a Linux virtual machine, where encrypted files with settings are generated (the Oracle VM Virtual Box installer allows you to set the environment for running this Ubuntu VM virtual machine) protected computer disconnected from the Internet; there is also a wlan.bat script for configuring the Hosted Network Virtual Adapter virtual adapter on a laptop;
    • installation process;
    • compatibility with Samsung TVs;
    • installation process of a web server for receiving information from a TV set - the web server is installed using the Windows installer XAMPP, there is also the Android web server PAW Server, the bundle includes the .apk file and the configured folder PAW2;





    • processing audio data recorded via the built-in microphone using the Windows program ECDLive.exe;
    • the procedure for removing a bookmark from the TV (in the initial configuration, the "date of death" of the bookmark is set);
    • testing and possible operational problems;
    • known bookmark problems and limitations;
    • decoding error codes (Appendix A).

    The document states that the program is designed for Samsung F Series models (firmware 1111, 1112 and 1116), and the preliminary configuration of the malware is carried out on a personal computer under Linux. Installation on the TV by using a USB-flash drive. The program can work in three modes: 1) permanent audio recording; 2) audio only in TV off mode; 3) audio recording only in the mode of the included TV.

    As can be seen from the documentation, the recorded audio files from the TV are not transmitted via the Internet, but via WiFi - to a laptop or Android smartphone located nearby. It can already be connected to the Internet, through it you can get an archive of recorded files or wiretap in real time. Probably, this tab is best suited for installation on "public" TVs, which are located in office buildings, hotel lobbies, cafeterias, hairdressers, etc.

    The Vault 7 archive malware files themselves promise to publish after checking and closing the vulnerabilities .

    PS Now the CIA and the FBI are conducting a joint investigation to identify the officer involved in the leak of documents. It is surprising that for 1.5 months it was not possible to calculate it.