Any Doctor Who fans? If so, you should appreciate the reference to the weeping angels from that show, and perhaps understand why this is such a clever name for an exploit kit to hack into Samsung TVs considering how the CIA uses it in collaboration with MI5 – or the Brits.
I’m referring of course to this week’s data dump of classified CIA material on their hacking program, actually their toolkits, by WikiLeaks. Much of the news hovers around the ethical concerns of the CIA hacking into American citizens’ Internet-connected Samsung TV sets to listen in to their conversations or track what shows they watch. Or the issue of them not sharing exploits with vendors. I’m not interested in that. It’s all inference anyway. All we really know is the software programs they use, in conjunction with other European agencies, to electronically eavesdrop. Personally, I’d be disappointed in them if they didn’t have some cool capabilities like this.
I might be more technical in this area than you, but to let you know, I’m not really all that savvy on how these exploits work. Which is why I think you might find my take-away from this event interesting. You should be able to identify with my high-level understanding. Understand it is really quite possible for a hacker to eavesdrop on your conversations, to hack into your iPhone, to capture your sensitive WhatsApp texts before they are encrypted. For Pete’s sake, last week’s news was about two million internet-connected teddy bears, from Spiral Toy’s CloudPets, making their customers’ conversations available online. The point isn’t that the CIA uses these tools, it’s that anyone can use these tools. It’s that these tools exist. There is no assurance of data privacy.
In Cyber War I, I explain to readers about how ransomware works and to be aware. I give some technical details on several aspects of hacking and cybercrime. I intend to go deeper and explore other dangers in my sequel. I hope you enjoy this information; I’ll try to blog more on these topics.
If you’re looking for assurances, there aren’t very many. For online protection for when you don’t mind the inconvenience and are uber concerned on protection, consider employing two-factor authentication. At least on financial sites. This is typically a process of logging into a site with your password (something you know), and a passcode that gets sent to your phone (something you have) during the login process. More and more sites are adopting this, but leave it to you to use it. It probably won’t be available on your TV any time soon.