• 支持MPN
Logo Logo
  • 调查
  • 意见与分析
  • 卡通
  • 播客
  • 视频
  • 语言
    • English
    • русский
    • Español
    • اَلْعَرَبِيَّةُ
    • Français
The floor of the main lobby of the Central Intelligence Agency in Langley, Va., Saturday, Jan. 21, 2017. (AP/Andrew Harnik)

Latest Wikileaks Release, ‘Cherry Blossom’ Exposes CIA Wireless Hacking

关注我们

  • Rokfin
  • Telegram
  • Rumble
  • Odysee
  • Facebook
  • Twitter
  • Instagram
  • YouTube
The floor of the main lobby of the Central Intelligence Agency in Langley, Va., Saturday, Jan. 21, 2017. (AP/Andrew Harnik)
The floor of the main lobby of the Central Intelligence Agency in Langley, Va., Saturday, Jan. 21, 2017. (AP/Andrew Harnik)

The whistleblowing site WikiLeaks is back with yet another Vault 7 series related document. This one is called “Cherry Blossom” program which gives a glance at the wireless hacking capabilities of The Central Intelligence Agency (CIA).

The Cherry Blossom project according to the leaked documents was allegedly developed and implemented by the CIA with the help of a nonprofit research institute headquartered in Menlo Park, California for its project “Cherry Bomb.”

Cherry Blossom itself is a firmware allowing the attackers to exploit vulnerabilities and compromise wireless networking devices such as access points (APs) and wireless routers.

Upon compromising the targeted device remotely, Cherry Blossom replaces the existing firmware with its own allowing the attackers to turn the router or access point into a so-called ‘FlyTrap’. The FlyTrap can scan for “email addresses, chat usernames, MAC addresses and VoIP numbers” in passing network traffic – All that without any physical access.

RELEASE: CIA 'CherryBlossom' & 'CherryBomb' have been infecting #DLink, #Belkin & #Linksys WiFi routers for years https://t.co/uCQLaaRwrO pic.twitter.com/gEfD84RKlX

— WikiLeaks (@wikileaks) June 15, 2017

According to Wikileaks press release:

Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.

Furthermore, WikiLeaks notes that because WiFi devices are common in homes, public places and offices it makes them fitting target to conduct ‘Man-In-The-Middle’ attacks as Cherry Blossom program can easily monitor, control and manipulate the Internet traffic of connected users.

Some of the devices which can be exploited by Cherry Blossom for vulnerabilities include 3Com, Aironet/Cisco, Allied Telesis, Ambit, Apple, Asustek Co, Belkin, Breezecom, Cameo, D-Link, Gemtek, Linksys, Orinoco, USRobotics, and Z-Com. The full list of hundreds of other vendors is available here [Pdf].

So far, the Vault 7 series has shown how CIA allegedly hacks TVs, smartphones, trucks and computers. The series also highlights the critical vulnerabilities which the intelligence community discovers in operating systems like Windows and Mac OS but never shares with the manufacturers.

The documents have also shown how CIA uses malware and other software against unsuspecting users around the world. These include Dark Matter, Marble, Grasshopper, HIVE, Weeping Angel, Scribbles, Archimedes, AfterMidnight or Assassin, Athena and Pandemic.


© HackRead

 

Comments
16 6 月, 2017
Waqas | HackRead

What’s Hot

英国巴勒斯坦团结运动官员承认与前以色列间谍合作

纳伊布·布克莱的萨尔瓦多独裁统治:以色列制造

五角大楼利用捏造的中国威胁来制造基因工程士兵

华盛顿为何担心布基纳法索的年轻革命领袖

纳伊布·布克尔:“世界上最酷的独裁者”的阴暗面

  • 联系我们
  • Archives
  • About Us
  • 隐私政策
© 2025 MintPress News