UPDATED 23:45 EDT / JUNE 15 2017

Wikileaks dump details how the CIA can easily hijack routers

The Central Intelligence Agency likes to hack Wi-Fi routers.

That’s the major takeaway from a new dump from Wikileaks that includes the details of software used by the agency to spy on all and sundry.

Called “Cherry Blossom,” the CIA-designed hacking software uses a modified version of a router’s firmware to turn it into a surveillance tool. The firmware allows the agency to monitor the target’s internet traffic remotely, scan for useful information such as passwords and redirect the target to a desired website.

The idea of the CIA spying on people isn’t particularly groundbreaking, but what is more interesting is that Cherry Blossom can be installed remotely with zero physical access to the router itself. It uses a process called FlyTrap by which “an implanted device can then be used to monitor the Internet activity of and deliver software exploits to targets of interest,” the CIA manual noted.

The method of attack is to hijack the over-the-air firmware upgrade functionality. “Many wireless devices allow a firmware upgrade over the wireless link, meaning a wireless device can often be implanted without physical access,” the manual noted. “Supported devices … can be implanted by upgrading the firmware using a variety of tools/techniques.”

The document would appear to be somewhat old, given that it includes references to “as of August 2012.” Still, no router would be safe from Cherry Blossom. The manual described different versions of the hacking tool tailored to multiple brands and models of routers, including devices from Asus, Belkin, Buffalo, Dell, D-Link, Linksys, Motorola, Netgear, Senao and US Robotics.

“Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap,” Wikileaks noted in its press release. “A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree.” That beaconed information contains device status and security information that the CherryTree then logs into a database.

“In response to this information, the CherryTree sends a Mission with operator-defined tasking,” Wikileaks continued. “An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.”

Although the CIA is legally restricted from operating within the borders of the United States, if you’re reading this from another country and are doing something untoward, it may be advisable for you to turn off your router very quickly.
