Many Internet users are already used to keeping their operating system and other applications up to date, especially those used for browsing the Internet. However, we do not always remember to update our routers. Recent materials published by WikiLeaks show that the CIA can infiltrate home routers. All of these activities were conducted using the Cherry Blossom tool, which has been under development for 10 years.

The document describing the CIA’s tool is 175 pages long. Cherry Blossom allows the CIA to monitor the activity of users behind the attacked router and to infect local computers using other exploits. Modern routers often install updates automatically. Sometimes this is done by the Internet provider, but it comes at the expense of limiting how much the customer can change the device settings. However, 10 years ago, most people did not change the default password set by the manufacturer. Software (the so-called firmware) updates were performed only when the router had stability problems. The rule was: if something works, do not change it.

Cherry Blossom breaks into routers through vulnerabilities in UPnP (Universal Plug-and-Play) protocol implementations.

Many security experts have already recommended disabling the UPnP feature on routers. This option is enabled by default because the protocol makes life easier for users. Thanks to it, any application running on our computer can ask the router for automatic port forwarding, giving it direct access to the Internet without NAT (Network Address Translation). This is mainly used by P2P programs (e.g. uTorrent, DC++) to work in so-called active mode. However, malicious software can do the same, and this can expose our computer directly to the world. Therefore, it is better to disable UPnP and forward the selected ports manually, or not at all: most Internet users can work perfectly well behind NAT, which also increases their security.

Routers from manufacturers such as D-Link and Linksys are at risk.

A list of all devices that are susceptible to a Cherry Blossom attack is available in a WikiLeaks document. It includes routers produced by:

  • 3Com,
  • Accton,
  • Aironet / Cisco,
  • Allied Telesyn,
  • Ambulatory,
  • AMIT, Inc.,
  • Apple,
  • Asustek Co.,
  • Belkin,
  • BreezeCom,
  • Cameo,
  • D-Link,
  • Gemtek,
  • Global Sun,
  • Linksys,
  • Motorola,
  • Orinoco,
  • Planet Tec,
  • Senao,
  • US Robotics,
  • Z-Com.

If you are curious whether your router has been attacked by the CIA, you can check it very easily. Just go to:

http://router_ip/CherryWeb

According to documents provided by WikiLeaks, this site should work on any infected device.

Source: WikiLeaks
