web analytics

New Vault 7 Leak Targets Your Internet Router

by | Jun 20, 2017 | Privacy & Tech

DOUG DAVIS

Everyone loves WiFi.  It’s a convenient way to avoid high data charges on your phone or tablet and provides a fast network connection to remote devices which are difficult to wire up.  Unfortunately for our privacy, WiFi is much easier to hack than wired connections, and the CIA has been taking advantage of this weakness since 2012, using the “Cherry Blossom” framework, described in the most recent Vault 7 data dump by Wikileaks.

Under normal circumstances, your devices communicate with your WiFi router, and it relays your requests to the various sites on the internet you want to access, then relays their responses back to you.  However, in a Cherry Blossom attack, a hacker upgrades the firmware (the permanent operating instructions) of any small WiFi routers from a huge list.  The router then becomes a listening post, or “flytrap,” which then communicates to a command server across the internet, where an analyst tells the flytrap what to do.

The flytrap is capable of monitoring and logging all internet traffic, email addresses, chat names, unique hardware identification numbers, and phone numbers.  It can also redirect your computer to websites which load all sorts of malware on your computer, or it can inject malicious code directly into the data stream itself.  The most alarming aspect of Cherry Blossom is that many WiFi routers can be exploited wirelessly, so physical access to the router isn’t always necessary.

The applications for this exploit are endless.  A team could infect the open WiFi routers in airports, and pull all e-mail traffic which references a location, forwarding that to the command server for analysis.  Or they could hack a WiFi at a coffee shop and scan for personal identification information.  Or the team could target your home network, sitting outside in a car on the street for long enough to hack the router, and then upload the firmware.  Once the team compromises your router, they can then retire back to their nice comfy office where they filter through your entire traffic feed to learn everything about you.  Then they could redirect one of your web sessions to a server which installs a remote access tool (RAT), which they use to copy all of your files.

What makes this exploit particularly useful is that most people don’t upgrade their WiFi routers firmware, and many still have their default administrator passwords, so they can be ridiculously easy to penetrate.

The good news for LN readers is that this tool is not known to be widely available, yet.  The bad news is that Cherry Blossom is at least five years old.  Coders have undoubtedly created more advanced WiFi hacking tools in that time.  To best protect yourself, make sure that your WiFi router is not on this list, keep the maximum WiFi security enabled, currently known as WPA2.  Upgrade your firmware whenever possible, and maintain highly complex administrator passwords with at least ten characters, including numbers and special characters.  Limit your WiFi use to non-sensitive devices, such as television.  Always use a virtual private network (VPN), especially in public places.  Better yet, use your phone’s data plan and tether the VPN to your phone while in public.  Unfortunately, none of these steps is an absolute guarantee against a WiFi attack as advanced as Cherry Blossom, but it is always better to be a hard target.

 

Read More From Doug Davis

Latest Posts

Social Media or Bust?

While social media can be a good venue to find and connect with relatives and friends, it has been accused of...

White House Muzzling Free Speech?

The Supreme Court hears arguments against social media censorship. https://www.youtube.com/watch?v=RY1v36oBgKc...

Survey Says: It’s Time to Leave New York

Things are tough all over in New York, and a recent citizens survey describes just how dissatisfied residents are...

NY AG Letitia James Hit Hard by Reality

Just hours before the March 25 deadline to pony up a bond of more than $450 million in New York, former President...

Latest Posts

Social Media or Bust?

While social media can be a good venue to find and connect with relatives and friends, it has been accused of...