Published: Sat, June 17, 2017
Tech | By Constance Martin

Central Intelligence Agency could potentially hack your router, according to WikiLeaks

Central Intelligence Agency could potentially hack your router, according to WikiLeaks

The CIA, as is to be expected, has neither confirmed nor denied the existence of the CherryBlossom programme nor the legitimacy of the leaked documents. It and related technical documents are part of WikiLeaks' Vault7 trove of stolen intelligence, which the organization announced in March. The fact that so many Wi-Fi routers are vulnerable to spying is fairly troubling, but not terribly surprising.

"CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals", said WikiLeaks' post about CherryBlossom. It can be used to monitor network traffic and exploits software vulnerabilities on devices including wireless routers and access points which are a common sight in our homes and other places. Once a router is compromised, its communications to and from the CIA's control server are encrypted and disguised to prevent detection. For devices which don't allow wireless upgrades, "Wireless Upgrade Packages" are created. The CherryBlossom firmware requires no physical access to the targeted device and once in, the administrator can scan for email addresses, chat usernames as well as VoIP numbers that pass through the network.

In some cases, even if your system administration level is high, the Feds can hack on CherryBlossom with UPnP, using a long-standing open source code exploit called Tomato. The beaconed information contains device status and security information that the CherryTree logs to a database.

Tillerson to Testify in House as Russia Sanctions Vote Nears
At the same time, there are 6,500 Palestinians in Israeli jails, including 500 detained without charge , in some cases for years. In the past, Palestinian President Mahmoud Abbas has been reluctant to halt the payments, fearing a popular backlash.

The "man-in-the-middle" style attack gives the CIA essentially unlimited access to the activity of a user connected to the hacked network-which could potentially include those who aren't the direct target of the agency.

The documents list ten brands whose routers had been compromised: Asus, Belkin, Buffalo, Dell, Dlink, Linksys, Motorola, Netgear, Senao and US Robotics. The documents revealed that a programme called Cherry Blossom was being developed which uses a modified version of a given router's firmware to turn the device into a surveillance tool for the Central Intelligence Agency.

Like this: