2017-06-15
An anonymous reader writes: After a two-week hiatus, WikiLeaks dumped new files as part of the Vault 7 series -- documents about a CIA tool named CherryBlossom, a multi-purpose framework developed for hacking hundreds of home router models. The tool is by far one of the most sophisticated CIA malware frameworks in the CIA's possession. The purpose of CherryBlossom is to allow operatives to interact and control SOHO routers on the victim's network. The tool can sniff, log, and redirect the user's Internet traffic, open a VPN to the victim's local network, execute actions based on predefined rules, alert operators when the victim becomes active, and more. A 24-page document included with the CherryBlossom docs lists over 200 router models from 21 vendors that the CIA could hack. The biggest names on this list are Apple, D-Link, Belkin, Aironet (Cisco), Linksys, and Motorola.

  • Two words: Reasonable Doubt (Score:1)

    by Anonymous Coward

    Defense attorneys must be salivating at this news, right? The fact that so many different router models are exploitable just screams "reasonable doubt." Hundreds of different models of routers are affected. If the CIA could find and exploit these vulnerabilities, so could other people. Anyone being charged with a computer crime that doesn't have a physical nexus (e.g. DPR getting fake passports in the mail) should point to this information and say see, my router was hackable, anyone in the world could have

  • Can this infect 3rd party firmware? (Score:2, Interesting)

    by Anonymous Coward

    For example Tomato, DD-WRT, OpenWRT, and all the variants that are so popular on commodity hardware.

    • Re: (Score:3)

      by hashish ( 62254 )

      Did you actually read the article?
      They are replacing the existing firmware with a new version with 'extra' functionality.
      The people who would not notice are the ones who would use the system out of the box and would not notice a hard reset. I am guessing custom firmware users would notice.

    • Re: (Score:2)

      by AHuxley ( 892839 )

      AC, think of it as a swap out. The device will still work and the user might not notice for a while.

    • Re: (Score:2)

      by skids ( 119237 )

      The "supported" model list makes it look like they are only targeting default OEM loads. Which makes sense since that's what most people run.

  • I didn't see anything about DD-WRT flashed routers in the manual.
    So maybe I'm good.

    • Re: (Score:2)

      by AHuxley ( 892839 )

      The "Claymore" part looks for routers that will be open to such efforts.

  • So the CIA uses its PoP to man-in-the-middle traffic directed at router manufacturers' firmware update sites, and none of them simply checked the firmware signature before applying?

    This is a pretty basic exploit and a pretty basic check for the router manufacturers...
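As an added illustration of the check this comment is asking for (example code written for this page, not from the article, the leaked documents, or any router vendor's updater): a minimal signed-firmware verifier in Go using the standard library's Ed25519. The image layout (a `FW01` magic, big-endian version and length fields, payload, then a 64-byte signature), the function names and the sample payload are all constructed for the example. The point it demonstrates is the order of operations an updater should follow: parse only the fixed header, verify the signature over every byte that precedes it, enforce anti-rollback, and only then hand the payload to the flashing code. A tampered image or a downgrade is rejected before anything is written.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// imgMagic is a constructed image marker for this example, not a real vendor format.
const imgMagic = "FW01"

var (
	ErrFormat    = errors.New("firmware: malformed image")
	ErrSignature = errors.New("firmware: signature verification failed")
	ErrRollback  = errors.New("firmware: version is older than the installed one")
)

// BuildSignedImage serialises header+payload and appends an Ed25519 signature
// over those bytes. This is the vendor/build-pipeline side; the device only
// ever needs the public key.
func BuildSignedImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(imgMagic)
	binary.Write(&buf, binary.BigEndian, version)
	binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	sig := ed25519.Sign(priv, buf.Bytes())
	buf.Write(sig)
	return buf.Bytes()
}

// VerifyImage is the check an updater should run before writing anything to
// flash. It returns the version and payload only when the image is well
// formed, the signature covers every preceding byte, and the version does not
// go backwards.
func VerifyImage(pub ed25519.PublicKey, img []byte, installedVersion uint32) (uint32, []byte, error) {
	const hdrLen = 4 + 4 + 4 // magic + version + payload length
	if len(img) < hdrLen+ed25519.SignatureSize || string(img[:4]) != imgMagic {
		return 0, nil, ErrFormat
	}
	version := binary.BigEndian.Uint32(img[4:8])
	plen := int(binary.BigEndian.Uint32(img[8:12]))
	// The declared payload length must account for every byte except the
	// trailing signature; anything else is a truncated or padded image.
	if plen != len(img)-hdrLen-ed25519.SignatureSize {
		return 0, nil, ErrFormat
	}
	signed := img[:hdrLen+plen]
	sig := img[hdrLen+plen:]
	if !ed25519.Verify(pub, signed, sig) {
		return 0, nil, ErrSignature
	}
	if version < installedVersion {
		return 0, nil, ErrRollback
	}
	return version, signed[hdrLen:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed firmware payload") // constructed sample data
	img := BuildSignedImage(priv, 2, payload)

	if v, _, err := VerifyImage(pub, img, 1); err == nil {
		fmt.Println("genuine image accepted, version", v)
	}
	tampered := append([]byte(nil), img...)
	tampered[20] ^= 0x01 // one bit flipped inside the payload
	_, _, err := VerifyImage(pub, tampered, 1)
	fmt.Println("tampered image:", err)
	_, _, err = VerifyImage(pub, img, 3)
	fmt.Println("downgrade attempt:", err)
}
```

The anti-rollback comparison matters as much as the signature: a correctly signed but older image is still a way to reintroduce a known bug, so the installed version is treated as a floor.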


  • Been using pfSense for years now, glad to know the FreeBSD life style is still holding up better than commercial consumer bullshit!

  • A long new password won't help the device.
    FlyTrap then connects to CherryTree.
    Mission then sends down the tasks to the device.
    CherryWeb is the GUI that looks over the new network.
    Windex alters the computers' browsers, i.e. malware.
    A copy of networked data via a new VPN.
    Years of access.

