Published: Mon, June 19, 2017
Tech | By Dwayne Harmon

WikiLeaks Reveals CherryBlossom CIA Router Snooping Hacking Tools

In the latest instalment of its Vault 7 series of leaks, WikiLeaks has disclosed an alleged Central Intelligence Agency program known as CherryBlossom.

The compromised routers can be programmed to call back the CherryTree at a specific time.

This creates what the Central Intelligence Agency calls a "FlyTrap" which connects to a command and control server used by the Central Intelligence Agency and referred to as CherryTree. A joint venture with the Stanford Research Institute, the CherryBlossom files show how the agency can take remote control of routers and other networking devices from numerous manufacturers, transforming them into listening devices.

Named CherryBlossom, the project was allegedly developed and implemented with the help of the United States nonprofit Stanford Research Institute (SRI International) for monitoring online activity and evaluating software exploits of targets that could be used as a weapon later.

Check out the full CherryBlossom documentation over on the WikiLeaks website. Most modified source code for the WRT54G, such as OpenWRT and Tomato, added enhancements that turned that SOHO router into a more fully featured enterprise router, although other projects have used the open source DD-WRT firmware to monitor all traffic to and from a network.

In one of many techniques, called "Weeping Angel", the CIA's Embedded Devices Branch (EDB) would allegedly infect smart TVs and transform them into surreptitious microphones, recording people's conversations without detection. This is because some devices allow their firmware to be upgraded over a wireless link.

Once FlyTrap is deployed successfully, agents are able to monitor the target using a web-based platform called CherryWeb, the documents say. Future implants for revisions of those identified devices could also be possible, according to the document obtained by ZDNet. A complete list of affected models can be found here.

The CIA developed implants "for roughly 25 different devices from 10 different manufacturers" to allow for clandestine surveillance on home, business and public wireless internet networks.

"The CIA has the ability to compromise the device in the supply chain".

Such devices can easily serve as the platform for MITM attacks. "And that was in 2016, before that it was even easier", Yavo said.
