Wikileaks dump details how the CIA can easily hijack routers
The Central Intelligence Agency likes to hack Wi-Fi routers.
That’s the major takeaway from a new dump from Wikileaks that includes the details of software used by the agency to spy on all and sundry.
Called “Cherry Blossom,” the CIA-designed hacking software uses a modified version of a router’s firmware to turn it into a surveillance tool. The firmware allows the agency to monitor the target’s internet traffic remotely, scan for useful information such as passwords and redirect the target to a desired website.
The idea of the CIA spying on people isn’t particularly groundbreaking, but what is more interesting is that Cherry Blossom can be installed remotely with zero physical access to the router itself. It uses a process called FlyTrap by which “an implanted device can then be used to monitor the Internet activity of and deliver software exploits to targets of interest,” the CIA manual noted.
The method of attack is to hijack the over-the-air firmware upgrade functionality. “Many wireless devices allow a firmware upgrade over the wireless link, meaning a wireless device can often be implanted without physical access, the manual noted. “Supported devices … can be implanted by upgrading the firmware using a variety of tools/techniques.”
The document would appear to be somewhat old, given that it includes references to “as of August 2012.” Still, no router would be safe from Cherry Blossom. The manual described different versions of the hacking tool tailored to a multiple brands and models of routers, including devices from Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao and US Robotics.
“Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap,” Wikileaks noted in its press release. “A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree.” That beaconed information contains device status and security information that the CherryTree then logs into a database.
“In response to this information, the CherryTree sends a Mission with operator-defined tasking,” Wikileaks continued. “An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.”
Although the CIA is legally restricted from operating within the borders of the United States, if you’re reading this from another country and are doing something untoward, it may be advisable for you to turn off your router very quickly.
Photo: Pikawil/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU