Wikileaks dump details how the CIA can easily hijack routers – SiliconANGLE (blog)

The Central Intelligence Agency likes to hack Wi-Fi routers.

Thats the major takeaway from a new dump from Wikileaks that includes the details of software used by the agency to spy on all and sundry.

Called Cherry Blossom, the CIA-designed hacking softwareuses a modified version of a routers firmware to turn it into a surveillance tool. The firmware allows the agency to monitor thetargets internet traffic remotely, scan for useful information such aspasswords and redirect the target to a desired website.

The idea of the CIA spying on people isnt particularly groundbreaking, but what is more interesting is that Cherry Blossom can be installed remotely with zero physical access to the router itself. It uses a process called FlyTrap by which an implanted device can then be used to monitor the Internet activity of and deliver software exploits to targets of interest, the CIA manual noted.

The method of attack is to hijack the over-the-air firmware upgrade functionality. Many wireless devices allow a firmware upgrade over the wireless link, meaning a wireless device can often be implanted without physical access, the manual noted. Supported devices can be implanted by upgrading the firmware using a variety of tools/techniques.

The document would appear to be somewhat old, given that it includes references to as of August 2012. Still, no router would be safe from Cherry Blossom. The manual described different versions of the hacking tool tailored to a multiplebrands and models of routers, including devices from Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao and US Robotics.

Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap, Wikileaks noted in its press release. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. That beaconed information contains device status and security information that the CherryTree then logs into a database.

In response to this information, the CherryTree sends a Mission with operator-defined tasking, Wikileaks continued. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.

Althoughthe CIA is legally restricted from operating within the borders of the United States, if youre reading this from another country and are doing something untoward, it may be advisable for you to turn off your router very quickly.

Go here to see the original:
Wikileaks dump details how the CIA can easily hijack routers - SiliconANGLE (blog)

Related Posts
This entry was posted in $1$s. Bookmark the permalink.