Months ago, WikiLeaks posted many Top Secret CIA documents in their Vault 7 leak. Late last week, they released even more documents, outlining the CIA’s Wi-Fi router hacking capabilities. Cherry Blossom is the set of tools and techniques the CIA uses to hijack consumer Wi-Fi and wireless routers. If they can gain access to a target’s router, they can replace its firmware with a backdoored version that essentially gives them access to the target’s entire network. Watch the video to learn more about this new CIA leak.
Episode Runtime: 4:08
Direct YouTube Link: https://www.youtube.com/watch?v=6Oqu6nuHxYU
EPISODE REFERENCES:
- CIA hacked Wi-Fi routers for years – Forbes
- CIA’s Leaked Cherry Blossom documents – WikiLeaks
- CIA Wi-Fi pwnage “tools” leaked – The Register
Corey Nachreiner, CISSP (@SecAdept)
David Jones says
Hi Corey,
These short SecurityBites are great, Corey. I often send them on to clients and even friends and family, because the language you use is normally not too geeky and the information contained is good at raising security awareness amongst even non-techy types.
One thing on this topic… You forgot to mention the fact that the majority of consumer Internet devices have an all too limited patch lifespan, i.e. the vendors will only release firmware updates for these devices for a few years (or even less, in some cases) and then not release any further updates, even if vulnerabilities are identified, as their philosophy is that the devices should simply be replaced at this point. All too often I find consumer Internet devices, even being used by small businesses, that are years old (normally rebranded devices from telcos/ISPs), with known vulnerabilities and no firmware patch available from the vendor/provider. Now look at domestic setups and this situation only gets worse. We really need to be making people aware of two critical facts:
1. Businesses should only use commercial grade Internet devices and maintain them properly.
2. Homes that are using these consumer devices should really look at replacing them every couple of years.
Cheers,
David.