Wikileaks Vault 7 Release: CherryBlossom
Over the past few months, WikiLeaks has been releasing sets of documents in its Vault 7 series, revealing mind-blowing CIA surveillance techniques. From infecting target users with malware to attacking the LAN networks of target users, the CIA leaves no stone unturned to get information. The CherryBlossom release, published on the 15th of June, 2017, describes the CherryBlossom firmware project that hacked into commercial WiFi devices and routers to access user information.
Previous releases discussed the hacking of individual target computers; this time, however, the targets are specific WiFi device makes and models. In the big picture, the purpose of CherryBlossom surveillance is to monitor the Internet activity of targets of interest. On a micro scale, that purpose is achieved by compromising wireless network devices such as WiFi routers and access points of specific makes and models. This is worrisome because anyone using the firmware of these routers is at risk of having their data compromised. To make it worse, the hack is impossible to detect from the user's side because it targets the device's firmware instead of software on the user's computer, so an anti-virus will not be able to detect the intrusion.
This is massive surveillance that will affect homes, bars, restaurants, hotels, literally anyone or any business that uses these specific routers and access points. Through these devices, the CIA can monitor, control and manipulate the Internet traffic of target users. The device can easily inject malware and other content into users' applications and operating systems. How does the CIA achieve this? Simple: the CherryBlossom firmware is implanted into the device, and when the device upgrades its firmware, the infection is complete.
The difficulty here is the implantation of the firmware. It's easy to implant malicious content into a piece of software or a web application, but into a device's firmware? Commercial devices have vulnerabilities that end-users are not aware of; the CIA uses exploitation tools to reach these vulnerabilities and delivers the infection when the firmware is updated.
Once the device is infected, it becomes a FlyTrap, and the operator assigns it tasks that include, but are not limited to, scanning for email addresses, setting up VPN tunnels and providing the operator with access to WLAN/LAN connections. Deep access to the user base, network traffic, and private data is possible with the CherryBlossom hack.
The released document contains lists of routers and access points, with some devices being more than five years old, clearly indicating surveillance that has been going on for years on end. Devices from brands such as 3Com, D-Link, Linksys, and PanetTec are among the names included in the list. The document lists routers that could have been compromised, but it does not say which of them actually were. If you have a device from one of these vendors, don't panic. Search online for the firmware of your device's make and model and follow the given instructions. Once the firmware is fixed, you are safe from any unwanted compromise of data.
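Because the attack described above rides on a firmware update, the one check a user can do when following the vendor's reflash instructions is to confirm that the image they downloaded is byte-for-byte the one the vendor published. The following Python script is an added example written for this page; it is not from the WikiLeaks documents or from any router vendor. It assumes the vendor publishes a SHA-256 checksum beside the image (many do, but the exact format varies, so `expected_hex` is simply a hex string here), and the "firmware image" it hashes is a constructed stand-in, not a real router image.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a large firmware image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def firmware_matches(path, expected_hex):
    """Return True only when the image digest equals the vendor-published SHA-256.

    expected_hex: the checksum string copied from the vendor's download page (assumed
    format: plain hex, case and surrounding whitespace ignored). A mismatch means the
    file was corrupted or altered in transit and must not be flashed to the device.
    """
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def demo():
    """Constructed demonstration: a 'good' image and a one-byte-tampered copy of it."""
    # Constructed sample bytes standing in for a vendor firmware image (not a real image).
    image = b"CONSTRUCTED-FIRMWARE-IMAGE-" + bytes(range(256)) * 4
    # Stands in for the checksum the vendor would publish next to the download.
    published = hashlib.sha256(image).hexdigest()
    # Same image with its last byte changed, as a corrupted or altered download would look.
    tampered = image[:-1] + b"\x00"

    with tempfile.TemporaryDirectory() as workdir:
        good_path = os.path.join(workdir, "fw.bin")
        bad_path = os.path.join(workdir, "fw_tampered.bin")
        with open(good_path, "wb") as fh:
            fh.write(image)
        with open(bad_path, "wb") as fh:
            fh.write(tampered)
        return firmware_matches(good_path, published), firmware_matches(bad_path, published)


if __name__ == "__main__":
    good_ok, bad_ok = demo()
    print("vendor image verified:", good_ok)      # True
    print("tampered image verified:", bad_ok)     # False
```

The checksum must come from the vendor's site over HTTPS, not from the same place as an untrusted image; a hash that travels with a tampered file verifies nothing. Where the vendor signs images, the device's own signed-update mechanism is the stronger check, and this script is only the fallback for images you apply by hand.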