WikiLeaks Docs Show CIA Has Been Hacking WiFi Routers For Years
- Author: Terrell Bush
Jun 17, 2017, 7:38
WikiLeaks is continuing to release classified U.S. intelligence documents obtained as part of the Vault 7 leaks, this time detailing CherryBlossom, a Central Intelligence Agency (CIA) initiative to compromise common routers and wireless access points in order to perform man-in-the-middle (MITM) attacks. Many router models are vulnerable to relatively easy exploits, which makes them an attractive target for spying agencies.
Check out the full CherryBlossom documentation on the WikiLeaks website.
The CIA reportedly deployed one such protocol known as CherryBlossom on various consumer-grade wireless routers by 2012 in the US.
WikiLeaks previously released publications on Central Intelligence Agency hacking tools, including information on targeting Apple and Samsung. CherryBlossom can be used to monitor network traffic and exploit software vulnerabilities on devices including wireless routers and access points, which are a common sight in our homes and other places. There are also measures to bypass the administrator password on the devices.
The command-and-control server that receives the data collected by FlyTrap is codenamed CherryTree. The beaconed information contains device status and security information that CherryTree logs to a database. Once the network is accessed, the administrator can easily monitor, control and manipulate the Internet traffic of connected users.
The CIA has refused to comment on the trove, which, according to WikiLeaks, was circulated among United States government contractors, one of whom provided it to the organization.
According to one 2010-dated document, the Central Intelligence Agency had by mid-2012 developed implants "for roughly 25 different devices from 10 different manufacturers", including Asus, Belkin, D-Link, Linksys, and Netgear.
Most of the routers listed in the leak are older models, indicating that the documents themselves may be somewhat outdated, though there are undoubtedly plenty of targets still using the affected devices.