Yet another CIA Vault 7 document has been released by Wikileaks today. Couch Potato is a remote digital tool used to capture and collect live RTSP/H.264 steaming video in either an .AVI (video) or .jpg (image) formats. The tool has the ability to monitor streams and automatically take multiple snapshot images if the stream significantly changes visually from any previously captured images.
The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between end points. Clients of media servers issue VCR-style commands, such as play, record and pause, to facilitate real-time control of the media streaming from the server to a client (Video On Demand) or from a client to the server (Voice Recording).
H.264 or MPEG-4 Part 10, Advanced Video Coding (MPEG-4 AVC) is a block-oriented motion-compensation-based video compression standard. As of 2014 it is one of the most commonly used formats for the recording, compression, and distribution of video content.
Couch Potato is built around a stripped down version of the widely used video and image encoding and decoding framework, ffmpeg. In order for the CIA developers to minimize the size of CouchPotato they removed many of the audio and video codecs along with other unnecessary features built into the ffmpeg framework.
The tool has an open source perceptual image hashing algorithm software incorporated into it called pHash. This monitors and analyzes any significant changes to previously captured images taken by Couch Potato.
what is pHash used for?
Potential applications include copyright protection, similarity search for media files, or even digital forensics. For example, YouTube could maintain a database of hashes that have been submitted by the major movie producers of movies to which they hold the copyright. If a user then uploads the same video to YouTube, the hash will be almost identical, and it can be flagged as a possible copyright violation. The audio hash could be used to automatically tag MP3 files with proper ID3 information, while the text hash could be used for plagiarism detection.
Finally the document details how Couch Potato relies on being launched in an ICE v3 Fire and Collect compatible loader, another CIA hacking tool.