Life imitates art. John Hurt in the screen adaption of George Orwell’s “1984”.
by Hannah Kuchler
When George Orwell envisioned the “telescreen” – the TV that keeps constant tabs on its viewers – in 1984, he predicted that governments would use technology to cross the threshold into our private lives.
Confidential documents published by WikiLeaks last week purport to show that the Central Intelligence Agency created its own 21st century telescreen by hacking into smart TVs. You may be watching YouTube or Netflix, not forced military propaganda, but spies are still able to listen into your living room. Developers used vulnerabilities in Samsung TVs to ensure the products would capture conversations even when they appeared to be switched off.
In what WikiLeaks describes as the first instalment of the “largest intelligence publication in history”, the CIA appears eager to exploit the new spying opportunities created by the internet of things – everyday objects that are connected to the web. Market research group Gartner forecasts there will be more than 20bn appliances, TVs and other devices connected to the internet by 2020.
The CIA’s engineering development group had a “to do” list for the smart TV that included the ability to record video and break into its browser and apps. Other documents seemed to show it had explored infecting vehicle control systems used by connected cars.
The most vulnerable products are produced by companies that specialise in making toasters or blood sugar monitors, not in software or security. Chris Ratcliffe
“This is the most troubling WikiLeaks ever. We’ve learned the CIA has all the tools to spy on American citizens,” said John McAfee, the antivirus pioneer who is now chief executive officer of MGT Capital Investments. “And now it is in the hands of some unknown hacker organisation or nation state.”
The CIA has refused to comment on the veracity of the documents. Samsung says it makes security a top priority and is looking into the matter.
The basic vulnerabilities inherent in the internet of things – one of the biggest concepts being pursued in the technology industry – have been known for some time. Samsung even warned customers in 2015 that “if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition”.
Cyber security researchers have highlighted holes in everything from cars to cameras, robots to refrigerators. It was revealed last month that children’s conversations with WiFi-enabled teddy bears from one toymaker had been leaked online.
Law enforcement has become interested in using audio collected by devices such as Alexa, Amazon’s voice-controlled personal assistant. A prosecutor in an Arkansas murder case has requested the data from Alexa. Amazon resisted the request until the suspect said the recordings could be handed over.
Big brother is watching you. WikiLeaks last week purported to show that the Central Intelligence Agency is hacking into smart TVs Carolyn Kaster
Cyber criminals are also targeting the internet of things, infecting systems with malicious software that demands a ransom, usually to be paid to an anonymous account in bitcoin. Hackers repeatedly struck a hotel in the Austrian Alps last year by attacking the electronic key card system. The hoteliers are returning to old-fashioned locks after being forced to pay €1,500 to allow guests back into their rooms. Last Christmas, one family in the US had their smart TV taken over by ransomware, disabling it for four days.
Vulnerabilities in connected devices risk destabilising the entire web. A malicious network known as a botnet built from tens of millions of internet-connected cameras and DVR players was last year harnessed to attack Dyn, a domain-name services provider used by websites from the New York Times to Twitter. Millions in the US were unable to access services including Spotify and Airbnb as Dyn struggled to resist the distributed denial-of-service attack.
Cesar Cerrudo, chief technology officer at cyber security company IOActive, says hackers from the CIA to less sophisticated cyber criminals will invest more in finding vulnerabilities in the internet of things.
“We are getting extremely dependent on technology. We need to start understanding that cyber security is important,” he says. “We suffer the consequences, are attacked, hacked, lose information. And it has a big impact on our daily lives.”