News & Updates

WikiLeaks published the user guide related to the hacking tool allegedly used by the CIA, code-named Weeping Angel, to hack Samsung Smart TV.

WikiLeaks has published a new document included in the Vault7 archive containing technical details about another hacking tool allegedly used by the U.S. Central Intelligence Agency (CIA). This time, the organization has published information on a tool designed to record audio via the built-in microphone of some Samsung smart TVs.

The tool is the Weeping Angel, it was mentioned the first time Wikileaks published information related to the Vault 7. The Weeping Angel tool is a tool used by the cyber-spies to spy on targets through Samsung smart TVs.

CIA Weeping Angel

The Weeping Angel was based on “Extending,” an implant allegedly developed by the MI5, among its features, there is the ability to record audio via the built-in microphone of the devices.

“Today, April 21st 2017, WikiLeaks publishes the User Guide for CIA’s “Weeping Angel” tool – an implant designed for Samsung F Series Smart Televisions. Based on the “Extending” tool from MI5/BTSS, the implant is designed to record audio from the built-in microphone and egress or store the data.” reads the documentation released by Wikileaks. 

WikiLeaks has now released the user guide of the hacking tool that is dated February 2014. The document details the implant developed to exploit Samsung F series smart TVs as a surveillance system that can record audio from surrounding environment and either store or exfiltrate the recordings.

The installation of the Weeping Angel implant requests a physical access to the SmartTV, an attacker can infect the device by connecting a USB device.

“The EXTENDING implant can be installed using a Close Access method. The EXTENDING installer is loaded onto a USB stick. This USB stick is then inserted into the target SAMSUNG F Series TV, and the installer is run. The installer deploys the implant and Settings file onto the TV. EXTENDING begins to run when the TV is next powered on” reads the guide.

The EXTENDING implant can be uninstalled by using either a USB stick containing a certain configuration file or at a pre-configured time.

Data can be exfiltrated later exfiltrated via a USB stick or a compromised Wi-Fi hotspot.

The EXTENDING implant is also able to exfiltrates audio over a Wi-Fi hotspot, to a Live Listening Tool, running on a laptop.

It is interesting to note that developers had been planning to implement more data stealing features to spy on browser data and acquire Wi-Fi credentials.

The US intelligence agency still hasn’t confirmed or denied the authenticity of the Vault 7 files.

Last week security researchers at Symantec and Kaspersky have discovered evidence that links the tools described in the Vault 7 archive and the exploit used by a cyber espionage group named Longhorn.

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – Weeping Angel, CIA)

The post WikiLeaks published the user guide for the CIA Weeping Angel, the Samsung Smart TV Hacking Tool appeared first on Security Affairs.

Source: Security affairs

Enlarge / A script scanning the Internet for computers infected by DoublePulsar. On the left, a list of IPs Shodan detected having the backdoor installed. On the right are pings used to manually check if a machine is infected. (credit: Dan Tentler)

Security experts believe that tens of thousands of Windows computers may have been infected by a highly advanced National Security Agency backdoor. The NSA backdoor was included in last week’s leak by the mysterious group known as Shadow Brokers.

DoublePulsar, as the NSA implant is code-named, was detected on more than 107,000 computers in one Internet scan. That scan was performed over the past few days by researchers from Binary Edge, a security firm headquartered in Switzerland. Binary Edge has more here. Separate mass scans, one done by Errata Security CEO Rob Graham and another by researchers from Below0day, detected roughly 41,000 and 30,000 infected machines, respectively. To remain stealthy, DoublePulsar doesn’t write any files to the computers it infects. This design prevents it from persisting after an infected machine is rebooted. The lack of persistence may be one explanation for the widely differing results.


Read 5 remaining paragraphs | Comments


Enlarge / Berkeley, California, as seen in June 2013. (credit: Daniel Parks)

On Friday, a federal appeals court ruled in favor of the City of Berkeley, allowing the city to keep its law that requires radiation warning signs in all cellphone stores within the city limits.

The CTIA, the cellphone industry trade group, sued the city to stop the law from taking effect by asking a lower court to impose a preliminary injunction. The group argued that forcing retailers to display the warning (pictured below) constituted compelled speech, which violates the First Amendment. After the district court didn’t impose the injunction, the CTIA appealed to the 9th US Circuit Court of Appeals.

(credit: Rebecca Farivar)

The 9th Circuit concluded that Berkeley’s disclosure “did no more than alert consumers” to FCC safety disclosures.

Read 15 remaining paragraphs | Comments


Enlarge / Headquarters of Finnish telecom equipment group Nokia. (credit: Getty Images / RONI REKOMAA / Stringer)

The largest publicly traded patent-assertion company, Acacia Research, has launched a new lawsuit (PDF) against Apple and all the major cell phone carriers.

Cellular Communications Equipment, LLC, a unit of Acacia, has sued Apple, Verizon, AT&T, Sprint, and T-Mobile. The company says that the five industry giants infringe four patents related to basic cell phone technologies. All four patents originated at Nokia, which has been sharing its patents in so-called “patent privateering” arrangements for some years now.

Like so many lawsuits, the CCE v. Apple et al. case is based in the patent hotspot of East Texas, which is still considered favorable ground for patent plaintiffs. Acacia is based in Southern California, but the complaint says CCE’s principal place of business is an office in Plano, which is within the Eastern District of Texas.

Read 6 remaining paragraphs | Comments


Enlarge / Theranos CEO Elizabeth Holmes speaks at the Clinton Global Initiative Annual Meeting in New York City on September 29, 2015. (credit: CNBC / Getty Images News)

If it’s not one thing, it’s another in the dizzying downward spiral of Theranos, the once-darling of Silicon Valley biotech.

On Friday, the Wall Street Journal reported that the company “allegedly misled company directors” regarding its lab tests and used a shell company to buy commercial lab gear. These are just a few of the new revelations made by the Journal, which also include fake demonstrations for potential investors.

The new information came from unsealed depositions by 22 former Theranos employees or members of its board of directors. They were deposed by Partner Fund Management LP, a hedge fund currently suing Theranos in Delaware state court. Theranos is also facing multiple lawsuits in federal court in California and Arizona, among others.

Read 7 remaining paragraphs | Comments


Enlarge (credit: Juisir)

A cold-press juicer maker called Juicero found itself at the center of a lot of unwanted attention this week when Bloomberg reporters discovered that they could press juice out of the company’s proprietary juice bags with their bare hands—without the help of the accompanying $400 appliance.

But Juicero apparently still wants to be the only company to offer this type of appliance, as it filed a complaint (PDF) in federal court against another cold-press juice bag squeezer called Juisir earlier this month.

Juicero claims that Juisir, developed by Chinese company iTaste and marketed and imported with the help of Australian company Froothie, infringes on a patent Juicero was granted in November 2016. Juicero said in its April 6 complaint that Juisir also violates the Silicon Valley company’s trade dress and trademark rights.

Read 10 remaining paragraphs | Comments


Enlarge / Pictured: Probably an editor who peer-reviewed stuff for Tumor Biology. (credit: flickr user: 派脆客 Lee)

The journal Tumor Biology is retracting 107 research papers after discovering that the authors faked the peer review process. This isn’t the journal’s first rodeo. Late last year, 58 papers were retracted from seven different journals— 25 came from Tumor Biology for the same reason.

It’s possible to fake peer review because authors are often asked to suggest potential reviewers for their own papers. This is done because research subjects are often blindingly niche; a researcher working in a sub-sub-field may be more aware than the journal editor of who is best-placed to assess the work.

But some journals go further and request, or allow, authors to submit the contact details of these potential reviewers. If the editor isn’t aware of the potential for a scam, they then merrily send the requests for review out to fake e-mail addresses, often using the names of actual researchers. And at the other end of the fake e-mail address is someone who’s in on the game and happy to send in a friendly review.

Read 6 remaining paragraphs | Comments


Enlarge (credit: NASA’s Scientific Visualization Studio and NASA Center for Climate Simulation)

If you follow climate science news, you know that one of the hotter topics is “climate sensitivity”—the precise amount of warming you get for a given increase of greenhouse gases. A few years ago, a couple papers caused a stir by trying to estimate this sensitivity based on simple equations for the recent past, coming up with a lower warming sensitivity than numerous other studies based on climate models or paleoclimate records. The last IPCC report even widened its estimated range slightly to encompass these studies, which proved controversial.

Researchers have already found reasons to think those low sensitivity estimates were problematic, including the fact that the simplistic, global representations of warming and cooling factors missed some important spatial patterns that change things. A new study from the University of Washington’s Kyle Armour comes at the question from a different angle.

There are several different timeframes we can use to describe climate sensitivity. The one you most commonly hear about is called “equilibrium climate sensitivity.” Technically, this is the amount of warming you’d get if you instantaneously doubled atmospheric CO2 and waited a couple centuries or so for the climate to adjust. But there is also something called the “transient climate response,” defined as the warming you get at the time a gradually increasing level of CO2 reaches the doubling point. This is a smaller number, because the climate doesn’t have time to fully reach equilibrium.

Read 9 remaining paragraphs | Comments


After single-handedly tarnishing the diesel engines it had spent so long championing, Volkswagen Group’s corporate redemption strategy involves a commitment to building a lot more electric vehicles. There’s an all-new modular architecture for EVs—called MEB—that will be the basis for new models throughout the brands in VW’s portfolio, but that won’t be ready until 2020. In the meantime, Porsche and Audi have been working on long-range battery EVs that should start appearing next year. And at the Shanghai Auto Show on Friday, Audi announced a second long-range EV will go on sale in 2019: the e-tron Sportback.

The e-tron Sportback is built around the vehicle’s 95kWh battery pack, giving it a range of 310 miles (500km). The battery pack is bookended by a pair of electric motors that provide a total of 430hp (320kW), although with a boost function that gives up to 500hp (370kW) for short periods. Atop this skateboard chassis is a sleeker body than the more upright e-tron SUV first seen in 2015. But as BMW’s X6 has ably proved, the “four door coupé” effect is rather undermined by the huge wheels and lofty ride height.

Read 1 remaining paragraphs | Comments


Enlarge (credit: Aurich / Getty)

Canada is taking a much stronger stand against data cap exemptions than the United States.

In the US, the Federal Communications Commission’s new Republican leadership signaled that it won’t enforce net neutrality rules against zero-rating, the practice of favoring certain Internet content by exempting it from customers’ data caps. The FCC made that clear when it rescinded a determination that AT&T and Verizon Wireless violated net neutrality rules by letting their own video services stream without counting against customers’ data caps while charging other video providers for the same data cap exemptions.

Canada is also taking a case-by-case approach to zero-rating instead of banning it outright. But yesterday, the Canadian Radio-television and Telecommunications Commission (CRTC) ordered changes to one carrier’s zero-rating program and announced that it will enforce stricter guidelines for determining whether zero-rating programs are discriminatory.

Read 16 remaining paragraphs | Comments