CIA Created 'CherryBlossom' Toolkit For Hacking Hundreds of Router Models (bleepingcomputer.com)
An anonymous reader writes: After a two-week hiatus, WikiLeaks dumped new files as part of the Vault 7 series -- documents about a CIA tool named CherryBlossom, a multi-purpose framework developed for hacking hundreds of home router models. The tool is by far one of the most sophisticated CIA malware frameworks in the CIA's possession. The purpose of CherryBlossom is to allow operatives to interact with and control SOHO routers on the victim's network. The tool can sniff, log, and redirect the user's Internet traffic, open a VPN to the victim's local network, execute actions based on predefined rules, alert operators when the victim becomes active, and more. A 24-page document included with the CherryBlossom docs lists over 200 router models from 21 vendors that the CIA could hack. The biggest names on this list are Apple, D-Link, Belkin, Aironet (Cisco), Linksys, and Motorola.
Bullshit.
I comment occasionally so that I can mod others -1 overrated or -1 offtopic.
Defense attorneys must be salivating at this news, right? The fact that so many different router models are exploitable just screams "reasonable doubt." Hundreds of different models of routers are affected. If the CIA could find and exploit these vulnerabilities, so could other people. Anyone being charged with a computer crime that doesn't have a physical nexus (e.g. DPR getting fake passports in the mail) should point to this information and say, "See, my router was hackable; anyone in the world could have gotten into my network and launched that DDoS | committed credit card fraud | etc."
For example Tomato, DD-WRT, OpenWRT, and all the variants that are so popular on commodity hardware.
There is every reason to believe that intelligence agencies in other countries do the same things. Is there ANY reason to doubt that intelligence agencies in the UK, Germany, China, Russia, and other countries are doing the same things? Of course they're doing the same things! A lot of the world would be hypocrites to complain about this. Those governments and plenty of others are just as interested in spying as the US government is. You just wanted to post some flamebait, so congratulations on making a post that exposes just what an idiotic asshole you are. The collateral damage from the spying is a huge problem when these exploits are leaked to the public and used by criminals for their benefit. If you had made that point, I'd have no problem with it. However, you've actually revealed yourself as a troll incapable of having a mature discussion.
The Government spy agencies shouldn't be creating f...ing malware/trojans. Cause this will happen every time. Information wants to be free. These also seem to be old equipment models. They don't even have 802.11ac equipment listed? Oh wait, the CIA has updated attack tools that haven't been stolen....yet.
There's plenty of debate on what constitutes responsible disclosure of vulnerabilities, but this document appears to only explain how the tool is used, not including the tool itself, so that isn't even the conversation to be having. Your argument seems more applicable to The Shadow Brokers.
What this leak would seem to do would be to correct the mistake the CIA made by failing to disclose vulnerabilities to vendors so they could use it themselves. Pretty much the only way to criticize Wikileaks here is to claim that the CIA are the good guys, which doesn't really jibe with the entire history of the CIA, especially for the /. crowd.
This is my signature. There are many like it, but this one is mine.
I didn't see anything about DD-WRT flashed routers in the manual.
So maybe I'm good.
So the CIA uses its PoP to man-in-the-middle traffic directed at router manufacturers' firmware update sites, and none of them simply checked the firmware signature before applying?
This is a pretty basic exploit and a pretty basic check for the router manufacturers...
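As an added example (not from this thread or from any vendor's code), the check the comment above asks for, in a Go update client: the router refuses to flash a downloaded image unless a detached Ed25519 signature from the vendor verifies over both the version and the payload, so an image altered in transit, or an old one replayed, is rejected. The FirmwareImage layout, the key pair and the sample images are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// FirmwareImage is a hypothetical update blob: a version number plus the payload.
type FirmwareImage struct {
	Version uint32
	Payload []byte
}

// digest binds version and payload together so neither can be swapped on its own.
func digest(img FirmwareImage) []byte {
	h := sha256.New()
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], img.Version)
	h.Write(v[:])
	h.Write(img.Payload)
	return h.Sum(nil)
}

// SignFirmware is what the vendor's build system does offline with the private key.
func SignFirmware(priv ed25519.PrivateKey, img FirmwareImage) []byte {
	return ed25519.Sign(priv, digest(img))
}

// VerifyAndAccept runs on the router before anything is written to flash: the
// signature must verify against the pinned vendor public key, and the version
// must not be older than the installed one (blocks replay of a signed old image).
func VerifyAndAccept(pub ed25519.PublicKey, installed uint32, img FirmwareImage, sig []byte) error {
	if !ed25519.Verify(pub, digest(img), sig) {
		return errors.New("firmware signature invalid: image rejected")
	}
	if img.Version < installed {
		return errors.New("firmware downgrade refused")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	genuine := FirmwareImage{Version: 7, Payload: []byte("constructed genuine image")}
	sig := SignFirmware(priv, genuine)
	fmt.Println("genuine image:", VerifyAndAccept(pub, 6, genuine, sig))
	tampered := FirmwareImage{Version: 7, Payload: []byte("constructed image altered in transit")}
	fmt.Println("tampered image:", VerifyAndAccept(pub, 6, tampered, sig))
}
```

In a real device the public key would be baked into the bootloader or a read-only partition rather than fetched alongside the update.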
Been using pfSense for years now, glad to know the FreeBSD lifestyle is still holding up better than commercial consumer bullshit!
A long new password won't help the device.
FlyTrap then connects to CherryTree.
Mission then sends down the tasks to the device.
CherryWeb is the GUI that looks over the new network.
Windex alters the computer's browsers, i.e. malware.
A copy of networked data via a new VPN.
Years of access.
Domestic spying is now "Benign Information Gathering"
Wikileaks could have informed the manufacturers first, giving them time to create patches before it's leaked to the interwebs.
That's bullshit. The manufacturers are well aware of the flaws being exploited, and it is just as plausible they left them open on 'request'.
“He’s not deformed, he’s just drunk!”
This is certainly "unauthorized access to a computer system". So we're going to see people going to prison for this, right? Like I would, if I did something like that? ..... right?
Good to see Ubiquiti isn't on the list.
Page 24...
"Barring guidance from the Sponsor with regards to particular devices of interest, Cherry Blossom has attempted to support wireless network devices that are ubiquitous and readily available (at least in the US)."
Why does CIA care what is "ubiquitous" and "readily available" in the United States? Who are they targeting? Why would they waste considerable sums of time and effort developing cracked firmware images based on US market availability? Is the CIA's mission spying on Americans? Isn't this supposed to be "Illegal"?
*Perhaps the ethical thing to do would be to inform the manufacturers and give them reasonable notice prior to simply dumping the information online*
Well yes. But did deploying this tool equal dumping the info online, or not?
world was created 5 seconds before this post as it is.
Sounds like some obscure porn activity.
A small vulnerability in a $50 consumer grade router that only results in a small number of users getting hit, most of whom will never know they were pwned anyway, will not usually result in a massive effort to patch the flaws. Only after it is exploited on a wide scale and public attention is drawn and/or lawsuits are brought will the beancounters think it's economically worth doing.
In the end I think most of these manufacturers should collaborate on, fund and use a common community-driven firmware. Just slap a custom theme on an OpenWRT web GUI separate from the base firmware w/ some preinstalled packages and call it a day. With everyone throwing money and resources at OpenWRT, lighttpd, freecwmp, etc., things could get a lot better.
The CIA, NSA and FBI could also inform manufacturers of these flaws, rather than request they remain, instead of weakening the security of this nation's network infrastructure by actively exploiting them for fun and profit.
I'd argue that the bigger problem is that companies producing consumer products don't take security design seriously. Notifying them and letting them patch before disclosure only serves to bolster a reactionary design culture, and won't help transform the industry into a proactive one.
Full zero-day disclosure may have a long term positive effect in that customers who get bit are likely to take their money elsewhere, punishing those who make vulnerable products, and giving new companies a boost.
This allows for evolutionary pressure, while responsible disclosure greatly reduces the pressure, and thus the evolution.
Let's hope the absence of Netgear from the router list means my Netgear DGN2200M isn't vulnerable...
If you play by the rules but your adversaries don't, then you are at a disadvantage...
Yes, the NSA/CIA have 0day exploits, but so do the intelligence agencies of Russia, China, Israel, North Korea, etc., and so do organised criminals. If the NSA gave up theirs, that would just make it easier for the others.
Also likely these tools leaked quite some time ago, and 802.11ac wasn't around yet. But even if such versions aren't listed, that doesn't mean the vulnerabilities aren't still present. If they weren't previously disclosed then the vendors are unlikely to have fixed them and the newer versions will often reuse a lot of the same code.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Check out Luxul routers. Not the cheapest, but built on OpenWRT. I've had a few now, different models. All have been secure. And yes, I've personally pen tested them, and have had others pen test them.
Snowden blew the whistle on NSA wrongdoing. This isn't wrongdoing, it's the toolset of a public security agency that wasn't using them to violate the law or the rights of the people it defends, and now can't use at all.
While everyone collaborating on a single open source firmware may make sense in many ways there are still problems with this approach...
Some will contribute a lot while others will just leech off the community; this may anger those who do contribute and discourage them from doing so.
Inevitably there will be disagreements and you'll end up with incompatible forks.
Some vendors will introduce vulnerabilities not present in the core code, or produce devices which never get updated etc and damage the reputation of the underlying platform.
Other vendors will still produce their own proprietary firmwares but start advertising them as "secure" because they don't have as many vulnerabilities found as the dominant platform - either because their code really is better written, or more likely because it's so niche that few people bother looking for holes.
If everyone runs the same software you get a monoculture; while there may be fewer vulnerabilities found, each one will be far more severe due to the much larger number of affected users. No software will ever be perfect, so inevitably some holes will still be found.
The software will end up bloated trying to serve everyone's needs, and do so badly.
In an ideal world no one would do it, but if everyone else is doing it then you have to do so too or else you fall behind.
^ Does not know what fun and profit are.
I don't know, I would consider clandestinely destroying the 4th and 5th amendments to bolster my budget both fun and profitable. Creepy.... but fun.
Did a quick scan of the attached user manual and from the table of contents, alone, I'm skeptical of its authenticity...
If the (U) and (S) of items in the table of contents refer to (Unclassified) or (Secret) classifications, then the author of the document should have their security clearance revoked.
Whenever a document contains multiple classifications, the document as a whole is classified at the strictest level; for example, if you have a document that is composed of all Unclassified material except for one sentence that is classified Secret, the entire document is classified Secret. Looking at the table of contents, this is violated heavily. If the individual components are referred to by their security classification, the overarching chapters are often misclassified. Any chapter containing a subelement that is (S)ecret means the chapter, as a whole, should be (S)ecret, but this isn't followed (particularly for chapters 11-13).