After disclosing the CIA’s strategies to hijack and manipulate webcams and microphones to corrupt or delete recordings, WikiLeaks has now published another Vault 7 leak, revealing the CIA’s ability to spy on video streams remotely in real time.
Dubbed ‘CouchPotato,’ the document leaked from the CIA details how CIA agents use a remote tool to stealthily collect RTSP/H.264 video streams.
Real Time Streaming Protocol, or RTSP, is a network control protocol designed for use in entertainment and communication systems for controlling streaming media servers.
CouchPotato gives the agency’s hackers the ability to “collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame,” a leaked CIA manual reads.
The tool utilises FFmpeg for video and image encoding and decoding and Real Time Streaming Protocol connectivity.
The CouchPotato tool works stealthily without leaving any evidence on the targeted systems because it has been designed to support the ICE v3 “Fire and Collect” loader, an in-memory code execution (ICE) technique that runs malicious code without the module code being written to disk.
However, neither WikiLeaks nor the leaked user guide details how the agency penetrates the targeted systems in the first place. Since the publication has previously leaked a lot of CIA malware, exploits and hacking tools for getting into a network, the agency might have been using CouchPotato in combination with other tools.
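RTSP is a text-based protocol, so a stream pull of the kind described above appears as requests that can be audited on the network side of a camera. The following is an added example, not code from the leaked manual or from WikiLeaks: it parses RTSP requests in the RFC 2326 text format and flags PLAY requests from clients outside an allow-list. The IP addresses, the allow-list, the camera URL and the captured messages are all constructed assumptions.

```python
"""Audit RTSP requests seen at a camera and flag unexpected stream pulls."""
import re

# Assumption: only these recorders are authorised to pull video (constructed).
ALLOWED_CLIENTS = {"10.0.5.10"}

# RTSP request line: METHOD <url> RTSP/<version>
REQUEST_LINE = re.compile(r"^([A-Z_]+) (\S+) RTSP/(\d\.\d)$")

def parse_rtsp_request(raw: str):
    """Parse one RTSP request into method, URL and lower-cased headers."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        return None  # a response or non-RTSP data, not a request
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"method": m.group(1), "url": m.group(2), "headers": headers}

def unexpected_stream_pulls(events, allowed=ALLOWED_CLIENTS):
    """Return (client_ip, url, user_agent) for PLAY requests from unlisted clients."""
    findings = []
    for client_ip, raw in events:
        req = parse_rtsp_request(raw)
        if req is None or req["method"] != "PLAY":
            continue  # only PLAY starts media delivery
        if client_ip not in allowed:
            ua = req["headers"].get("user-agent", "<none>")
            findings.append((client_ip, req["url"], ua))
    return findings

# Constructed sample capture: (source IP, raw message text).
SAMPLE_EVENTS = [
    ("10.0.5.10", "DESCRIBE rtsp://cam1.example/stream1 RTSP/1.0\r\nCSeq: 1\r\nUser-Agent: nvr/1.0\r\n\r\n"),
    ("10.0.5.10", "PLAY rtsp://cam1.example/stream1 RTSP/1.0\r\nCSeq: 3\r\nSession: 1001\r\nUser-Agent: nvr/1.0\r\n\r\n"),
    ("10.0.7.44", "PLAY rtsp://cam1.example/stream1 RTSP/1.0\r\nCSeq: 3\r\nSession: 2002\r\n\r\n"),
    ("10.0.7.44", "RTSP/1.0 200 OK\r\nCSeq: 3\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in unexpected_stream_pulls(SAMPLE_EVENTS):
        print("unexpected RTSP PLAY:", finding)
```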