
SoylentNews is people

posted by cmn32480 on Friday June 16 2017, @10:08AM
from the let-me-contain-my-surprise dept.

Arthur T Knackerbracket has found the following story:

Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks.

The 175-page CherryBlossom user guide describes a Linux-based operating system that can run on a broad range of routers. Once installed, CherryBlossom turns the device into a "FlyTrap" that beacons a CIA-controlled server known as a "CherryTree." The beacon includes device status and security information that the CherryTree logs to a database. In response, the CherryTree sends the infected device a "Mission" consisting of specific tasks tailored to the target. CIA operators can use a "CherryWeb" browser-based user interface to view FlyTrap status and security information, plan new missions, view mission-related data, and perform system administration tasks.

[...] All the communications between the FlyTrap and the CIA-controlled CherryTree, with the exception of copied network data, are encrypted and cryptographically authenticated. For extra stealth, the encrypted data masquerades as a browser cookie in an HTTP GET request for an image file. The CherryTree server then responds to the request with a corresponding binary image file.

CherryBlossom is the latest release in WikiLeaks' Vault7 series, which the site purports was made possible when the "CIA lost control of the majority of its hacking arsenal." CIA officials have declined to confirm or deny the authenticity of the documents, but based on the number of pages and unique details exposed in the series, there is broad consensus among researchers that the documents are actual CIA materials.

-- submitted from IRC
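
A defender's view of the traffic shape the story describes (opaque data carried in a cookie on an HTTP GET for an image file), as an added example that is not part of the story or of the leaked documents. The thresholds, function names and sample requests are assumptions constructed for illustration; nothing here is derived from CherryBlossom itself.

```python
import math
import re
from collections import Counter

IMAGE_EXT = re.compile(r"\.(?:png|jpe?g|gif|ico|bmp)(?:\?|$)", re.IGNORECASE)
MIN_LEN = 64       # assumed threshold: flag only long cookie values
MIN_ENTROPY = 4.5  # assumed threshold, in bits per character

def shannon_entropy(s):
    """Bits per character of the string's empirical character distribution."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, path, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def suspicious_cookie_values(raw):
    """Return cookie values that look like opaque payloads on an image GET."""
    method, path, headers = parse_request(raw)
    if method != "GET" or not IMAGE_EXT.search(path):
        return []
    hits = []
    for pair in headers.get("cookie", "").split(";"):
        _, _, value = pair.strip().partition("=")
        if len(value) >= MIN_LEN and shannon_entropy(value) >= MIN_ENTROPY:
            hits.append(value)
    return hits

# Constructed sample requests (not captured traffic).
OPAQUE = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FLAGGED = f"GET /img/banner.png HTTP/1.1\r\nHost: example.test\r\nCookie: id={OPAQUE}\r\n\r\n"
BENIGN = "GET /logo.png HTTP/1.1\r\nHost: example.test\r\nCookie: theme=dark; sid=abc123\r\n\r\n"
```

Browsers legitimately send long session cookies with same-site image requests, so a heuristic like this only yields candidates; it is useful mainly when the source is a device that should not be browsing at all, such as a router's own address.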


  • (Score: 2) by digitalaudiorock on Friday June 16 2017, @02:06PM (3 children)

    by digitalaudiorock (688) on Friday June 16 2017, @02:06PM (#526427) Journal

    Are the routers still vulnerable if OpenWRT is installed?

    Unless they're exploiting something other than the OS itself, which seems almost impossible, I can't imagine it would. Perhaps it would be possible for them to exploit something like dd-wrt, but it's hard to imagine they'd bother given all the other easy pickings out there.

  • (Score: 5, Insightful) by pTamok on Friday June 16 2017, @02:33PM (2 children)

    by pTamok (3042) on Friday June 16 2017, @02:33PM (#526435)

    Unless they're exploiting something other than the OS itself, which seems almost impossible...

    Actually, pretty easy. Most low end devices are built using System On a Chip (SOC) technology, and those in turn are manufactured by the router vendor buying (proprietary, (trade) secret) system component designs that are integrated together by the chip fab, with maybe one or two tweaks. These modular building blocks can have almost anything incorporated into them without the end-customer knowing, so an Ethernet packet processor could easily have a hardware backdoor incorporated into the chip layout. The same is true for Wi-Fi radio modules. No-one audits the design for such things.

    (See https://en.wikipedia.org/wiki/System_on_a_chip)

    People have noticed the management processors in Intel and AMD CPUs, but there is nothing preventing similar techniques being used elsewhere. Once you have a standard module (https://en.wikipedia.org/wiki/Semiconductor_intellectual_property_core) with a backdoor incorporated, it takes very little effort for it to be rolled out to all SoC devices manufactured. If anything, it takes more effort to not have it in.

    This is why the open hardware movement is important. Unless you can trust your hardware, you don't know if you can be compromised. This is a hard problem to solve, especially if your adversary is a nation-state from whom you buy electronics.

    • (Score: 0) by Anonymous Coward on Friday June 16 2017, @09:18PM

      by Anonymous Coward on Friday June 16 2017, @09:18PM (#526635)

      "This is a hard problem to solve, especially if your adversary is a nation-state from whom you buy electronics."

      Unless you only use FPGA chips. I don't believe you can easily compromise one of them, since they can't predict what sort of internal logic you will be running, or what pins for I/O.

    • (Score: 2) by digitalaudiorock on Saturday June 17 2017, @02:45PM

      by digitalaudiorock (688) on Saturday June 17 2017, @02:45PM (#526988) Journal

      I stand corrected! Thanks for the explanation.