It’s funny how we sometimes place our trust in the exact place where people are screwing us over. We trusted our ISPs, and it turns out they’re selling our data; we trusted Microsoft, and now they’re feeding us ads through Windows. Another place we misplace our trust is our WiFi router, the one device that 90%+ of our internet traffic passes through. As Tech N9ne says, “People need me, I’m the WeeFee/ I get them on movies and TV/ Connecting Scooby and Stevie/ Straight from Missouri to Fiji.”
Out of all the people I know in person, there are maybe 5 people who know that the WiFi access point in their home even has a password to change certain settings. About 2 of those people know exactly what each setting in the router will do. The rest of the people I know haven’t even had whoever set their network up change the default router password. Not only does this leave somebody vulnerable, it leaves anybody near them vulnerable.
Now that we’re aware of this fact, what if we add the CIA into the mix? According to documents from the WikiLeaks Vault 7 leak, the CIA has implemented a backdoor, called CherryBomb or CherryBlossom, in 25 models of WiFi routers. It allows them to capture live data from your network and monitor your network traffic at the same time. Different models of WiFi access point allow the CIA to monitor different types of information and even change settings on the router itself, limiting your access to the internet in various ways, such as prohibiting access to certain websites or limiting your internet speed.
The brands that are currently targeted (not all models) are D-Link, Linksys, Motorola, Netgear, Senao, Asus, Belkin, Buffalo, Dell and US Robotics. The CIA does not plan to stop with the 25 models for which they’ve already developed an implementation procedure; the “CB goal” is to increase the number of devices that can have CherryBlossom implemented.
This was as of 2012, however, and more than 25 different models could be affected. To be clear, this is being done without the knowledge of the manufacturers. One common way this could be implemented is by intercepting the package while it is in snail-mail transit between the seller and the buyer, like what the NSA did.
The CherryBlossom implementation has several modes, each of which lets the CIA capture a specific kind of data. Harvest Mode, for example, “harvests email addresses and chat users” by using what the document calls “Flytrap implant search algorithms” and sends them back to the CherryTree (which is the control server).
The Flytrap can also inhibit upgrading the firmware as the program will not survive an upgrade and would no longer function.
How to Fix This
First, check the document to see if your WiFi router is affected (there are a few tables in it), and from there, see if you can upgrade your firmware at all.
If you can’t upgrade or refresh your firmware, you might want to try OpenWRT, which is an open-source router firmware, and follow the installation procedure for your model to flash your router.
If all else fails, purchase a new router, one that is supported by OpenWRT, and put OpenWRT on it right away.
If you’re not affected, great! Keep on surfing the internet!
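Before flashing any firmware image as described in the steps above, it is worth confirming that the file you downloaded matches the checksum the project publishes. The script below is an added example, not part of the original post or of OpenWRT's own tooling; the image filename and its contents are constructed for the demo, and it assumes the `sha256sum` utility and a `sha256sums` file in the usual `sha256sum` output format.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded firmware
# image against a published sha256sums file before flashing it.
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable or unlisted.
# Assumes filenames without spaces, as firmware image names normally are.
verify_firmware() {
    image=$1
    sums=$2
    [ -r "$image" ] && [ -r "$sums" ] || return 2
    name=$(basename "$image")

    # Lines look like "<hex digest> *<filename>" (binary mode) or
    # "<hex digest>  <filename>" (text mode); match the exact filename.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 2

    actual=$(sha256sum "$image" | awk '{ print tolower($1) }')
    [ "$actual" = "$expected" ]
}

demo() {
    dir=$(mktemp -d)
    img="$dir/example-router-sysupgrade.bin"   # constructed filename
    printf 'constructed firmware bytes\n' > "$img"
    (cd "$dir" && sha256sum -b "$(basename "$img")" > sha256sums)

    verify_firmware "$img" "$dir/sha256sums" && echo "match: OK to flash"

    # Simulate corruption or tampering between download and flashing.
    printf 'x' >> "$img"
    verify_firmware "$img" "$dir/sha256sums" || echo "mismatch: do not flash"
    rm -rf "$dir"
}
demo
```

A matching checksum only shows the file is the one the checksum list describes, so fetch that list over HTTPS from the project's own site and check its signature where the project provides one.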
If you’re having trouble finding a suitable WiFi router to purchase, check out the Linksys WRT1900AC Dual Band Gigabit Wireless Router (aff) on Newegg which is OpenWRT compatible.
Image Credit: CNN