Technology

IoT devices are vulnerable to state-enlisted espionage: Booz Allen report

Booz Allen releases its 2019 Cyber Threat Outlook report highlighting state-enlisted espionage on IoT devices and AI deepfakes, among others, as major cyber threats this year.

“Connected televisions, webcams, and printers have been enlisted to mine cryptocurrency, launch DDoS attacks, and cause other mischief.”

The Booz Allen report outlines the top eight cybersecurity threats trending this year:

  • Companies in the crosshairs of information warfare
  • Internet of Things (IoT) devices broaden state espionage operations
  • Chip and PIN may fall short
  • The weaponization of adware networks
  • Deepfakes in the wild—Artificial Intelligence (AI) in information warfare
  • New Frontiers—the expanding wireless attack surface
  • State-sponsored threat actors double down on deception
  • Water utility targeting bubbles to the surface

State-enlisted Actors Hijack IoT Devices (Including CIA, Mi5)

“Connected televisions, webcams, and printers have been enlisted to mine cryptocurrency, launch DDoS attacks, and cause other mischief. In 2019, state-linked adversaries will likely increasingly abuse these devices to further their espionage and warfare efforts,” the report reads.

Read More: CIA physically installed NightSkies tracking beacon in factory-fresh iPhones: Assange

With respect to the treat of IoT devices being used for espionage enlisted by the state, the report makes allusions to Russia and South Korea; however, it has been well-documented by WikiLeaks that both the United States and Great Britain have hijacked IoT devices to spy on people.

Two of the most notable state-linked entities abusing these devices include the intelligence agencies CIA and Mi5.

Read More: MI5, CIA used Samsung Smart TVs to secretly listen-in on conversations: WikiLeaks

In April of 2017, WikiLeaks revealed that both British and American intelligence agencies used an implant on Samsung TVs to secretly listen-in on user conversations.

Using MI5’s EXTENDING Tool, American counterparts at the CIA developed the listening implant tool code-named “Weeping Angel” to record audio on Samsung F Series Smart Televisions.

Even when the TV was off, the CIA and MI5 could still record audio using the aptly-named “Fake-off” recording feature.

If you want to check out the state-sponsored IoT espionage user’s guide for EXTENDING Tool, it’s available to read here.

Another reason the IoT is vulnerable is that people who buy IoT devices don’t change the default password from the factory settings, and most users use the same password across multiple devices.

Read More: White Hat Worms and Cyber Wars: The IoT is Vulnerable and Growing

The Booz Allen report continues, “About 15 percent of IoT device owners don’t change their devices’ default passwords, and 10 percent of IoT devices use one of the same five passwords for administrative access, according to one 2017 estimate.

“IoT botnets, especially state-owned ones, present difficult challenges for defenders. Attempting to backlist astronomically large volumes of smart televisions and DVRs would probably be impractical. An adversary running a self-contained IoT proxy botnet, which we’ve dubbed a ‘boxynet,’ would not need to worry about third-party botnet managers logging their activity or otherwise compromising their anonymity.”

AI Deepfakes

Almost anything digital can be faked. With Adobe’s Voco and Stanford University’s Face2Face technologies, virtually any person dead or alive can be imitated with vocal and facial manipulation.

Read More: Is there nothing that can’t be faked with vocal, facial manipulation?

“AI-generated video—commonly referred to as ‘deepfakes’—use machine-learning algorithms to create highly believable forgeries that can be used to depict individuals saying or doing things that never occurred,” according to Booz Allen.

Journalism, business, governments, and geopolitics can all fall victim to deepfakes.

According to the report, “Attributing false quotes to political leaders is a tactic that has already been used by likely state-sponsored threat actors to significant effect.”

“Weaponized leaks—in which data is stolen and released publicly, sometimes with falsified data blended in—have increasingly been leveraged in influence operations. This tactic could similarly incorporate false video content mixed among a trove of stolen, but otherwise legitimate data, to increase the believability of the ruse.”

There is a great line from the 1993 blockbuster Jurassic Park that comes from Dr. Ian Malcolm, played by Jeff Goldblum, when he confronts the park’s owner on the ethics and dangers of reviving dinosaurs after 65 million years of extinction:

“Your scientists were so preoccupied with whether or not they could, they didn’t stop to think if they should.”

That same sentiment is being expressed when it comes to voice and facial reenactment technologies that now have the power to imitate virtually anyone who has ever been recorded audibly or visually.

Be sure to check out the full report linked at the beginning of this article.

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

View Comments

Recent Posts

Can Bitcoin Be the Key to Ending Perpetual War?

Every now and then, I stumble upon posts such as these here and there: And,…

5 hours ago

The Coming AI Winter: How Physics May Be Leading the Way

Winter(Physics) is Coming It now looks like Large Language Models running on the GPT technology…

5 hours ago

Top 15 LatAm tech journalists and editors of 2024

Latin America’s tech industry is booming, with innovative new startups popping up across the region.…

7 hours ago

G20 announces initiative to crackdown on climate change disinformation

The Global Initiative for Information Integrity on Climate Change claims to 'safeguard those reporting on…

9 hours ago

How GPUs, widely used in gaming, are helping doctors get a better look inside us

In the late 19th Century, physicians began inserting hollow tubes equipped with small lights into…

19 hours ago

Top Five Trends Shaping Gaming in 2025

This year wasn’t exactly what the video gaming industry expected — it declined by 7%…

2 days ago