WikiLeaks has published a new part of the Vault 7 (CIA) leaks. The latest leak is a framework used by the Cia to exploit popular consumer routers dubbed "Cherry Blossom".
Cherry Blossom was designed by the CIA with the help of Stanford Research Institute (SRI International), an American nonprofit research institute.
Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access which then replaces manufacturer firmware with their custom firmware.
The framework is used to perform man in the middle attacks where attackers (CIA) can perform all sorts of monitoring and malicious tasks, which include:
Monitoring network traffic to collect email addresses, chat user names, MAC addresses, and VoIP numbers.
Redirecting connected users to malicious websites
Injecting malicious content into the data stream to fraudulently deliver malware and compromise the connected systems.
Setting up VPN tunnels to access clients connected to Flytrap's WLAN/LAN for further exploitation.
Full plaintext logging of all network traffic
According to an installation guide, the CherryTree C&C server must be located in a secure sponsored facility and installed on Dell PowerEdge 1850 powered virtual servers, running Red Hat Fedora 9, with at least 4GB of RAM.ell PowerEdge 1850 powered virtual servers, running Red Hat Fedora 9, with at least 4GB of RAM.
Known vulnerable brands include:
Belkin, D-Link, Linksys, Aironet/Cisco, Apple AirPort Express, Allied Telesyn, Ambit, AMIT Inc, Accton, 3Com, Asustek Co, Breezecom, Cameo, Epigram, Gemtek, Global Sun, Hsing Tech, Orinoco, PLANET Technology, RPT Int, Senao, US Robotics and Z-Com
Some direct copy/paste from: http://thehackernews.com/2017/06/cia-wireless-router-hacking-tool.html
Not indicating that the content you copy/paste is not your original work could be seen as plagiarism.
Some tips to share content and add value:
Repeated plagiarized posts are considered spam. Spam is discouraged by the community, and may result in action from the cheetah bot.
Thank You! ⚜
Thanks for the information. As you can see this is a new account so I apologize as i'm still figuring everything out. I will take your advice, but ill be posting original content for now on.
Thanks!