As part of WikiLeaks' “Vault 7” releases detailing various CIA-developed exploits targeting computers and mobile devices, the non-profit organization today shared a pair of new exploits, called “Achilles” and “SeaPea” and developed under the code-name “Imperial”.
A new batch of confidential “Vault 7” documents, leaked by the non-profit whistleblower organization WikiLeaks, has revealed that the United States Central Intelligence Agency has been hacking routers from major brands for years, turning them into surveillance devices.
The reported "Cherry Blossom" tool can modify a router's firmware without a victim's knowledge, giving the attacker a wide range of capabilities like eavesdropping on network traffic, gathering passwords, scanning for email addresses and phone numbers and more.
The attacker even has the power to redirect an unsuspecting user to a particular website, including government-created webpages used for phishing purposes.
Once infected, the backdoor remains functional even after a router is updated to a newer firmware version, so long as it has not changed its underlying hardware or operating system.
The hack cannot be deployed remotely. Instead, the CIA can install it on a target router using its Claymore tool or by side-loading a compromised firmware using supply chain tactics (intercepting the target device between the factory and the end user).
ZDNet reports that the documents reveal that the “Cherry Blossom” hack supports more than two-dozen router models from major manufacturers.
Among the compromised router brands are devices from Asus, Belkin, Buffalo, Dell, D-Link, Linksys, Motorola, Netgear, Senao and US Robotics. Apple's AirPort devices don't seem to be among them, but the fact that they're not listed doesn't mean that the CIA hasn't hacked Time Capsule and AirPort devices.
WikiLeaks yesterday published a new batch of internal CIA documents which highlighted some of the hacks and programs that the spy organization has been developing internally for years. Those tools were specifically designed to infest Apple’s all-in-one iMac desktop and MacBook notebooks if an agent was able to gain physical access to the device.
One of the methods involved utilized a patched Thunderbolt EFI exploit. Apple told TechCrunch that the documents detail old exploits fixed years ago.
Following the initial release of documents, dubbed “Year Zero,” which detailed tactics the CIA leverages to breach iPhones, iPads, Windows, smart TVs and other devices, WikiLeaks today published additional “Vault 7”-series materials. Code-named “Dark Matter,” the latest batch of secret files provides an insight into other CIA hacks and programs that have been internally developed and maintained for years with the goal of infesting Apple's all-in-one iMac desktop and MacBook notebooks.
Apple said yesterday that “many” CIA exploits revealed in WikiLeaks' dump codenamed “Vault 7” are already patched in the latest version of iOS. As for the remaining exploits, Apple engineers are working to address them as well, according to The Wall Street Journal on Thursday.
A person familiar with the situation told the paper that Apple engineers have been coordinating the company’s response to this new security threat.
Yesterday, WikiLeaks stunned the world by publishing a cache of 8,761 secret documents detailing dirty tactics that organizations like the CIA leverage in order to hack not just iOS and Android devices, but also computers, routers and televisions. In a statement issued to news outlets like TechCrunch, and subsequently posted to Twitter by BuzzFeed's John Paczkowski, a company spokesperson confirmed that Apple had already patched many of the fourteen exploits mentioned in the WikiLeaks dump, codenamed “Vault 7”.
WikiLeaks today published a cache of 8,761 secret documents detailing tactics the United States Central Intelligence Agency (CIA) relies on for breaching iPhones, iPads, Android smartphones and tablets, Windows PCs and even routers and smart TVs. It's currently unclear if the documents (available to peruse on the group’s website) have serious privacy and security implications. Dubbed “Vault 7”, the leak had been teased on WikiLeaks' Twitter account for a few weeks prior to its release.