
CIA’s “CherryBlossom” Can Hack Almost Every Popular Router Brand You Can Think Of #Vault7


A new set of CIA documents exposed by Wikileaks describes a firmware called CherryBlossom, which can be installed on network routers to compromise their traffic. Wikileaks claims that CherryBlossom was co-developed with SRI International. Affected brands include Apple, Cisco, D-Link, Asus, etc.

Routers are an important, yet ignored, piece of our networks. Mostly, they are given a place in a corner of the house or under a table and left to gather dust while they power the internet in our homes.
Our neglect of routers makes them vulnerable, as we aren’t concerned about their security. In fact, most routers go unpatched for security flaws for years, unlike regular devices such as computers and smartphones.
Yesterday, another set of tools and documents related to the CIA was released by Wikileaks. The project is known as CherryBlossom, and Wikileaks claims that it is a collaborative effort between the CIA and SRI International. It can be used to monitor network traffic and exploit software vulnerabilities on devices including wireless routers and access points, which are a common sight in our homes and other places.
Such devices can easily serve as the platform for MITM attacks. Any infected router or AP can be used to push malicious content to the user’s device and exploit the bugs and loopholes in the device and the OS.
According to the leaked documents, it’s possible to replace a wireless router or access point’s firmware with the CherryBlossom firmware. The process becomes even easier for the devices supporting over the air upgrades. For devices which don’t allow wireless upgrades, “Wireless Upgrade Packages” are created. Also, there are measures to bypass the administrator password on the devices.
Other methods include installing the firmware using a tool called Claymore, which can be run on a laptop. It can identify a device’s make and model and find which wireless routers can be hacked. Also, the malicious firmware can be installed during the “supply chain operation,” the leaked documents say.
A compromised device is then known as FlyTrap and connects to a command & control center dubbed as CherryTree.
A FlyTrap can send data containing device status and security information to the CherryTree, which logs it in the C&C’s database. CherryTree then issues further commands to perform tasks based on that information.
An operator can access a compromised device over a web interface called CherryWeb and view information about the device. A FlyTrap can be instructed to scan for Targets such as email addresses, chat user names, MAC addresses and VoIP numbers in the network traffic passing through it.
According to the leaked documents, this data can be used to initiate further actions for a Target such as “copying of a Target’s network traffic” to the C&C server, “redirection of a Target’s browser (e.g. to Windex for browser exploitation),” and “proxying a Target’s network connections.”
The leaked document further says that a FlyTrap can be instructed to perform “global actions” such as copying all network traffic, proxying all network connections, and even setting up a VPN tunnel from the FlyTrap’s network to a VPN server owned by CherryBlossom, thus giving the operators improved access to the network.
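From a defender's side, status reports to a C&C server, copied traffic and a VPN tunnel are all connections the router opens itself, so they appear on its WAN side with no matching LAN-side flow. The sketch below is an added example, not taken from the article or the leaked documents; it assumes flow records from taps on both sides of the router, and the record format, addresses and allowlist are constructed.

```python
from collections import defaultdict

# Constructed flow records (not real captures): "side src dst dport bytes".
# "lan" = seen on the LAN-side tap, "wan" = seen on the WAN side after NAT.
SAMPLE = """\
lan 192.168.1.20 93.184.216.34 443 18000
wan 203.0.113.7 93.184.216.34 443 18000
lan 192.168.1.31 198.51.100.9 443 5200
wan 203.0.113.7 198.51.100.9 443 5200
wan 203.0.113.7 192.0.2.53 53 310
wan 203.0.113.7 192.0.2.200 443 41000
wan 203.0.113.7 192.0.2.200 443 39500
"""

# Assumption: destinations the router itself is expected to contact
# (here only its upstream DNS resolver).
ROUTER_ALLOWED = {("192.0.2.53", 53)}


def parse(text):
    """Yield (side, src, dst, dport, bytes) tuples from flow lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        side, src, dst, dport, nbytes = line.split()
        yield side, src, dst, int(dport), int(nbytes)


def router_originated(text, allowed=ROUTER_ALLOWED, slack=1500):
    """Return WAN-side traffic that no LAN client accounts for.

    Bytes are summed per (dst, dport) on each side. Anything on the WAN
    side exceeding the LAN-side total by more than `slack` bytes was
    sent by the router itself rather than forwarded for a client.
    """
    lan, wan = defaultdict(int), defaultdict(int)
    for side, _src, dst, dport, nbytes in parse(text):
        (lan if side == "lan" else wan)[(dst, dport)] += nbytes
    findings = []
    for key, wan_bytes in sorted(wan.items()):
        if key in allowed:
            continue
        excess = wan_bytes - lan.get(key, 0)
        if excess > slack:
            findings.append(
                {"dst": key[0], "dport": key[1], "unexplained_bytes": excess}
            )
    return findings


if __name__ == "__main__":
    for finding in router_originated(SAMPLE):
        print(finding)
```
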

Is your router safe?

The leaked documents also include an extensive list of devices which can be compromised using CherryBlossom. The list includes various brands like Apple, Cisco, Belkin, Asus, D-Link, Linksys, etc.
CherryBlossom follows the release of other CIA-related documents including Pandemic, Athena, AfterMidnight, Archimedes, etc., which are a part of Wikileaks’ Vault 7 series.