Technology

IoT devices are vulnerable to state-enlisted espionage: Booz Allen report

Booz Allen releases its 2019 Cyber Threat Outlook report highlighting state-enlisted espionage on IoT devices and AI deepfakes, among others, as major cyber threats this year.

“Connected televisions, webcams, and printers have been enlisted to mine cryptocurrency, launch DDoS attacks, and cause other mischief.”

The Booz Allen report outlines the top eight cybersecurity threats trending this year:

  • Companies in the crosshairs of information warfare
  • Internet of Things (IoT) devices broaden state espionage operations
  • Chip and PIN may fall short
  • The weaponization of adware networks
  • Deepfakes in the wild—Artificial Intelligence (AI) in information warfare
  • New Frontiers—the expanding wireless attack surface
  • State-sponsored threat actors double down on deception
  • Water utility targeting bubbles to the surface

State-enlisted Actors Hijack IoT Devices (Including CIA, Mi5)

“Connected televisions, webcams, and printers have been enlisted to mine cryptocurrency, launch DDoS attacks, and cause other mischief. In 2019, state-linked adversaries will likely increasingly abuse these devices to further their espionage and warfare efforts,” the report reads.

Read More: CIA physically installed NightSkies tracking beacon in factory-fresh iPhones: Assange

With respect to the treat of IoT devices being used for espionage enlisted by the state, the report makes allusions to Russia and South Korea; however, it has been well-documented by WikiLeaks that both the United States and Great Britain have hijacked IoT devices to spy on people.

Two of the most notable state-linked entities abusing these devices include the intelligence agencies CIA and Mi5.

Read More: MI5, CIA used Samsung Smart TVs to secretly listen-in on conversations: WikiLeaks

In April of 2017, WikiLeaks revealed that both British and American intelligence agencies used an implant on Samsung TVs to secretly listen-in on user conversations.

Using MI5’s EXTENDING Tool, American counterparts at the CIA developed the listening implant tool code-named “Weeping Angel” to record audio on Samsung F Series Smart Televisions.

Even when the TV was off, the CIA and MI5 could still record audio using the aptly-named “Fake-off” recording feature.

If you want to check out the state-sponsored IoT espionage user’s guide for EXTENDING Tool, it’s available to read here.

Another reason the IoT is vulnerable is that people who buy IoT devices don’t change the default password from the factory settings, and most users use the same password across multiple devices.

Read More: White Hat Worms and Cyber Wars: The IoT is Vulnerable and Growing

The Booz Allen report continues, “About 15 percent of IoT device owners don’t change their devices’ default passwords, and 10 percent of IoT devices use one of the same five passwords for administrative access, according to one 2017 estimate.

“IoT botnets, especially state-owned ones, present difficult challenges for defenders. Attempting to backlist astronomically large volumes of smart televisions and DVRs would probably be impractical. An adversary running a self-contained IoT proxy botnet, which we’ve dubbed a ‘boxynet,’ would not need to worry about third-party botnet managers logging their activity or otherwise compromising their anonymity.”

AI Deepfakes

Almost anything digital can be faked. With Adobe’s Voco and Stanford University’s Face2Face technologies, virtually any person dead or alive can be imitated with vocal and facial manipulation.

Read More: Is there nothing that can’t be faked with vocal, facial manipulation?

“AI-generated video—commonly referred to as ‘deepfakes’—use machine-learning algorithms to create highly believable forgeries that can be used to depict individuals saying or doing things that never occurred,” according to Booz Allen.

Journalism, business, governments, and geopolitics can all fall victim to deepfakes.

According to the report, “Attributing false quotes to political leaders is a tactic that has already been used by likely state-sponsored threat actors to significant effect.”

“Weaponized leaks—in which data is stolen and released publicly, sometimes with falsified data blended in—have increasingly been leveraged in influence operations. This tactic could similarly incorporate false video content mixed among a trove of stolen, but otherwise legitimate data, to increase the believability of the ruse.”

There is a great line from the 1993 blockbuster Jurassic Park that comes from Dr. Ian Malcolm, played by Jeff Goldblum, when he confronts the park’s owner on the ethics and dangers of reviving dinosaurs after 65 million years of extinction:

“Your scientists were so preoccupied with whether or not they could, they didn’t stop to think if they should.”

That same sentiment is being expressed when it comes to voice and facial reenactment technologies that now have the power to imitate virtually anyone who has ever been recorded audibly or visually.

Be sure to check out the full report linked at the beginning of this article.

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

View Comments

Recent Posts

MWC 2025 Barcelona was the ultimate experiential marketing dream

Mobile World Congress (MWC) in Barcelona is the biggest annual event in the mobile technology…

15 hours ago

GAN, Tec de Monterrey partnership highlights cross-border startup ecosystem building in Latin America amid trade dispute

Despite recent tensions between the United States government and Latin American countries over migration and…

5 days ago

This founder started out with US $5K to his name. Now, he owns a multi-million-dollar global business

Meet Nitin Seth, the Co-Founder and CEO of Screen Magic (SMS Magic), a messaging leader…

5 days ago

Building smarter: AI, the ultimate tool transforming an old-age industry

In this Brains Byte Back, we sit down with Hari Vasudevan, founder and CEO of…

5 days ago

When AI Goes Rogue: 8 Lessons from Implementing LLMs in the Healthcare Industry that Could Save the Future

By Santosh Shevade, Principal Data Consultant at Gramener – A Straive company All pharmaceutical companies…

7 days ago

Digital Public Infrastructure will enable public, private entities to control your access to essential goods, services & mobility

Digital Public Infrastructure is a top-down agenda coming from unelected globalists, bureaucrats, and their partners…

2 weeks ago