
CIA’s “CherryBlossom” Can Hack Almost Every Popular Router Brand You Can Think Of #Vault7


A new set of CIA documents exposed by Wikileaks describes firmware called CherryBlossom, which can be installed on network routers to compromise the traffic passing through them. Wikileaks claims that CherryBlossom was co-developed by SRI International. Affected brands include Apple, Cisco, D-Link, Asus, etc.

Routers are an important, yet ignored, piece of our networks. Mostly, they are given a place in a corner of the house or under a table and left to gather dust while they power the internet in our homes.
Our neglect of routers makes them vulnerable, as we aren’t concerned about their security. In fact, most routers go unpatched for security flaws for years, unlike regular devices such as computers and smartphones.
Yesterday, another set of tools and documents related to the CIA was released by Wikileaks. Wikileaks claims that the project, known as CherryBlossom, is a collaborative effort between the CIA and SRI International. It can be used to monitor network traffic and exploit software vulnerabilities on devices including wireless routers and access points, which are a common sight in our homes and other places.
Such devices can easily serve as a platform for MITM attacks. Any infected router or AP can be used to push malicious content to the user’s device and exploit bugs and loopholes in the device and its OS.
According to the leaked documents, it’s possible to replace a wireless router or access point’s firmware with the CherryBlossom firmware. The process becomes even easier for devices supporting over-the-air upgrades. For devices which don’t allow wireless upgrades, “Wireless Upgrade Packages” are created. There are also measures to bypass the administrator password on the devices.
Other methods include installing the firmware using a tool called Claymore, which can be run on a laptop. It can determine a device’s make and model and find which wireless routers can be hacked. The malicious firmware can also be installed during a “supply chain operation,” the leaked documents say.
A compromised device is then known as a FlyTrap and connects to a command & control center dubbed CherryTree.
A FlyTrap can send data containing device status and security information to the CherryTree, where it is logged in the C&C’s database. CherryTree then issues further commands to perform tasks based on that information.
An operator can access a compromised device over a web interface called Cherryweb and view information about the device. A FlyTrap can be instructed to scan for Targets such as email addresses, chat user names, MAC addresses and VoIP numbers in the network traffic passing through it.
According to the leaked documents, this data can be used to initiate further actions for a Target such as “copying of a Target’s network traffic” to the C&C server, “redirection of a Target’s browser (e.g. to Windex for browser exploitation),” and “proxying a Target’s network connections.”
The leaked document further says that a FlyTrap can be instructed to perform “global actions” such as copying all network traffic, proxying all network connections, and even setting up a VPN tunnel from the FlyTrap’s network to a VPN server owned by CherryBlossom, thus giving the operators improved access to the network.

Is your router safe?

The leaked documents also include an extensive list of devices which can be compromised using CherryBlossom. The list includes various brands like Apple, Cisco, Belkin, Asus, D-Link, Linksys, etc.
CherryBlossom follows the release of other CIA-related documents including Pandemic, Athena, AfterMidnight, Archimedes, etc., which are part of Wikileaks’ Vault 7 series.