CIA firmware discovered to have been turning Wi-Fi routers into listening posts for 10 years
9 replies, posted
[quote]Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks.
CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on. Routers that are protected by a default or easily-guessed administrative password are, of course, trivial to infect. In all, documents say CherryBlossom runs on 25 router models, although it's likely modifications would allow the implant to run on at least 100 more.
The 175-page CherryBlossom user guide describes a Linux-based operating system that can run on a broad range of routers. Once installed, CherryBlossom turns the device into a "FlyTrap" that beacons a CIA-controlled server known as a "CherryTree." The beacon includes device status and security information that the CherryTree logs to a database. In response, the CherryTree sends the infected device a "Mission" consisting of specific tasks tailored to the target. CIA operators can use a "CherryWeb" browser-based user interface to view Flytrap status and security information, plan new missions, view mission-related data, and perform system administration tasks.
Missions can target connected users based on IPs, e-mail addresses, MAC addresses, chat user names, and VoIP numbers. Mission tasks can include copying all or only some of the traffic; copying e-mail addresses, chat user names, and VoIP numbers; invoking a feature known as "Windex," which redirects a user's browser that attempts to perform a drive-by malware attack; establishing a virtual private network connection that gives access to the local area network; and the proxying of all network connections.[/quote]
[url]https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/[/url]
[QUOTE]An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on.[/QUOTE]
One more reason to [I]never[/I] use UPnP on anything connected to the Internet.
I doubt UPnP was the only method CherryBlossom uses to attack routers, especially if you have a shitty administration password (and SO many are left to the default), but that's one easy step to close down a large fraction of malware that performs router attacks.
Coincidence that Tomato is also the name of a [URL="https://en.m.wikipedia.org/wiki/Tomato_(firmware)"]firmware for Linksys routers?[/URL]
Wow, what a surprise. :thinking:
No shit.
You'd have to legit lobotomize yourself at this point to not accept the fact that the CIA is the worst of the worst.
[QUOTE=JoeSkylynx;52379139]No shit.
You'd have to legit lobotomize yourself at this point to not accept the fact that the CIA is the worst of the worst.[/QUOTE]
you are sorely mistaken if you don't think other countries do the same thing
huh, no wonder my wi-fi router is named like this
[img]https://dl.dropboxusercontent.com/u/5168294/screencaps/Photo%20Jun%2019%2C%205%2043%2053%20PM.png[/img]
[QUOTE=JoeSkylynx;52379139]No shit.
You'd have to legit lobotomize yourself at this point to not accept the fact that the CIA is the worst of the worst.[/QUOTE]
[QUOTE=da space core;52379151]you are sorely mistaken if you don't think other countries do the same thing[/QUOTE]
While it's a legitimate refutation of the idea that the US is uniquely bad, 'other countries do it too' isn't inherently a justification.
The fact is that governments, terrorists, rogue nations, outlaws, and ordinary innocent citizens are all using the same technology, so for an intelligence or law enforcement agency to do their job they need tools and exploits that work against commercial products. The raw capabilities aren't necessarily the thing to be concerned about, it's how they're used and who they're used against that needs to be scrutinized and subject to oversight. The article itself notes:
[quote]While WikiLeaks said Vault7 was intended to "initiate a public debate about the security, creation, use, proliferation, and democratic control of cyberweapons," little or nothing published to date has shown the CIA running afoul of its legal mandate.[/quote]
Without the actual details of the exploit posted, this reveals the nature of the capability, but doesn't say that it was being illegally used against regular people or deliberately compromising the security of the public. That's what's important, not whether or not other countries have similar capabilities. If a leak were to come out tomorrow revealing that this was being used to spy on the general populace, [I]that[/I] would be a huge deal, whether or not other countries do it too.
[QUOTE=elitehakor;52379172]huh, no wonder my wi-fi router is named like this
*big-ass image*[/QUOTE]
psst, use t instead of img for those of us browsing on desktop rather than mobile :v: