WikiLeaks has published a new part of the Vault 7 (CIA) leaks. The latest leak covers a framework, dubbed "Cherry Blossom", that the CIA used to exploit popular consumer routers.
Cherry Blossom was designed by the CIA with the help of Stanford Research Institute (SRI International), an American nonprofit research institute.
Cherry Blossom is essentially a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs). It exploits router vulnerabilities to gain unauthorized access and then replaces the manufacturer's firmware with custom firmware.
The framework is used to perform man-in-the-middle attacks in which the attackers (the CIA) can carry out all sorts of monitoring and malicious tasks, including:
Monitoring network traffic to collect email addresses, chat user names, MAC addresses, and VoIP numbers.
Redirecting connected users to malicious websites.
Injecting malicious content into the data stream to fraudulently deliver malware and compromise the connected systems.
Setting up VPN tunnels to access clients connected to the Flytrap's (the implanted device's) WLAN/LAN for further exploitation.
Full plaintext logging of all network traffic.
According to an installation guide, the CherryTree C&C server must be located in a secure sponsored facility and installed on Dell PowerEdge 1850-powered virtual servers running Red Hat Fedora 9 with at least 4 GB of RAM.
Known vulnerable brands include:
Belkin, D-Link, Linksys, Aironet/Cisco, Apple AirPort Express, Allied Telesyn, Ambit, AMIT Inc, Accton, 3Com, Asustek Co, Breezecom, Cameo, Epigram, Gemtek, Global Sun, Hsing Tech, Orinoco, PLANET Technology, RPT Int, Senao, US Robotics and Z-Com