Written by Alexa Erickson
In the latest ongoing WikiLeaks whistleblowing scandal, the website has published documents from the CIA’s CherryBlossom project, exposing agency’s exploitation of Wi-Fi device security vulnerabilities. Released on Thursday, the new batch of CIA classified documents comes from the Vault 7 project.
In a press release, WikiLeaks said: “Today, June 15th 2017, WikiLeaks publishes documents from the CherryBlossom project of the CIA that was developed and implemented with the help of the US nonprofit Stanford Research Institute (SRI International).”
CherryBlossom monitors the Internet activity of, and performs software exploits on, targets of interest. According to the press release:
In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users.
The devices work by compromising the data stream between the user and Internet services. The end result is control and manipulation of router user traffic.
According to WikiLeaks, CherryBlossom has been infecting Wi-Fi routers of D-Link, Belkin, and Linskys companies for years.
To implant the customized CherryBlossom firmware on a wireless device, no physical access is required, making the operation dangerously stealthy. This is because some devices allow their firmware to be upgraded over a wireless link.
The new firmware on the device can be used to ignite the router into a “FlyTrap,” which can scan for “email addresses, chat usernames, MAC addresses and VoIP numbers” in passing network traffic.
WikiLeaks has been releasing documents of the Vault 7 since March 7, its first full part revealing 8,761 documents. The most recent release prior to CherryBlossom occurred on June 1, and involved the “Pandemic” spyware.
Originally posted @ Collective Evolution