Britain’s National Cyber Security Centre (NCSC) chief Ciaran Martin has warned consumers they should be wary of smart devices in the home. Such as the TV. That’s because they can be hacked. But Martin forgets to point out several vital pieces of embarrassing information.
Hackers warn of hacking
Martin first warned about smart devices last September. It was when he addressed an audience in the US. He acknowledged reports of weaknesses in the system. But he didn’t elaborate further.
At the public launch of the NCSC, Martin promoted the usefulness of the centre to consumers worried about privacy invasion. Ironically, the centre’s parent organisation is the UK’s intelligence hub, GCHQ. Which many would claim is the biggest hacker of all, snooping on everyone via the new Investigative Powers Act.
Warning of smart TVs
More recently, there has been increased concern about smart devices. These include internet-connected TVs. Through these, consumers can become the target of ransomware crime, banking scams, identity theft or man-in-the-middle attacks.
And in a story in The Telegraph on 14 March, Martin describes some of the risks. Such as how hackers could begin locking smartphones, televisions and even watches, before demanding ransom.
Ransomware on connected watches, fitness trackers and TVs will present a challenge to manufacturers, and it is not yet known whether customer support will extend to assisting with unlocking devices and providing advice on whether to pay a ransom.
Curiously, these warnings and the publication of the report come only a week after WikiLeaks revealed evidence of how the CIA uses these same technologies; and that it has done so since as far back as 2013, if not earlier.
Matthew Hickey, a security researcher and co-founder of Hacker House, explained how hacked smart TVs can:
recover the Wi-Fi keys the TV uses to later hack the target’s Wi-Fi network, and access any usernames and passwords.
But what neither Martin nor the NCSC mention in the briefings is how the technology used to turn smart TVs into hacking devices was developed. This was not just by the CIA, but also by Britain’s MI5:
This glaring omission is not surprising, as it must be extremely embarrassing for the NCSC. Especially as the NCSC claims to combat this type of intrusion. Furthermore, it was not the NCSC, but WikiLeaks, which revealed the details of how this technology – codenamed ‘Weeping Angel‘ – works.
Tech researcher David Lodge commented:
The source code came sanitized from ‘the UK’ minus comms and encryption… it implies that MI5 already had this as a solution.
So much for government cyber security advice!
So who would you trust with security advice: WikiLeaks or GCHQ?
– Read up on the latest from Big Brother Watch.
– Donate to the Electronic Frontier Foundation.
– Help crowdfund Edward Snowden and other whistleblowers.
Featured image via Flickr Creative Commons