Choosing a strong password for your Wi-Fi router wouldn't have been enough to defend it from a reported Central Intelligence Agency hacking tool that WikiLeaks revealed this week.
The hacking software, known as CherryBlossom, is designed to allow CIA agents to replace the firmware of a wireless router with custom code that allows them to monitor its internet traffic remotely, according to a user manual WikiLeaks posted.
The manual was published in 2006 and last updated in 2012. It and related technical documents are part of WikiLeaks' Vault7 trove of stolen intelligence, which the organization announced in March. The CIA has refused to comment on the trove, which was circulated among US government contractors, according to WikiLeaks, one of whom provided it to the organization.
Using CherryBlossom, the CIA would have been able to bypass a router's security and access its firmware upgrade page using a variety of methods. Some require the router's administrator username and password, while others, including a "Claymore tool," have the built-in capability to guess the login credentials and wirelessly replace the firmware using a nearby laptop.
CherryBlossom's software was able to compromise dozens of router models from D-Link, Linksys, US Robotics, and other manufacturers, according to the leaked documents. Some are consumer models, while others are designed for commercial installations like coffee shops and airports. Once a router is compromised, its communications to and from the CIA's control server are encrypted and disguised to prevent detection.
Related
- WikiLeaks Trove Appears to Show CIA Hacking ToolsWikiLeaks Trove Appears to Show CIA Hacking Tools
Once the CIA gained acces to a router, the manual explains that agents could view network traffic and redirect requests made from web browsers for additional spying, among other capabilities.
Representatives from several router manufacturers did not immediately respond to requests for comment on Friday, nor did the Stanford Research Institute, which reportedly assisted the CIA in developing CherryBlossom, according to WikiLeaks.
Router manufacturers regularly issue security updates, so we could see CherryBlossom-specific fixes show up soon. In the meantime, if your router is on the list of affected devices, the best protection is to reset its firmware to its factory settings.
Researchers are warning that e-cigarettes can be modified, without a ton of effort, to infect a victim's PC with malware.
Most entrepreneurs have an intuitive understanding that mental health is important to the success of their business.
One of Roomba's main creators has built a robot that will weed your garden.
A series of computer viruses targeting companies and organizations closely resembles the Vault 7 hacking tools that WikiLeaks disclosed.
Relax Did the CIA Hack Your Router? stories
Researchers are warning that e-cigarettes can be modified, without a ton of effort, to infect a victim's PC with malware.
The social network is leveraging AI, in partnership with human expertise, to keep content from groups like ISIS and Al Qaeda off the platform.
Multiple artificial intelligence 'agents' worked in tandem to predict the best moves for Ms. Pac-Man, achieving a perfect score of 999,990.
They're designed to protect against future state-sponsored malware attacks akin to last month's WannaCry, but are not a substitute for upgrading your OS.
Many of creators come to find out that YouTube is not a sustainable income source. Here's how to use the platform to actually get paid.
Why park your own car when artificial intelligence can figure out how to do it for you?
"Smart" homes these days means safe homes, in terms of security and health. The IoT opportunities are out there. Are you game?
The new Eero mesh Wi-Fi system is smaller and faster, and even doubles as a nightlight.
'Autonomy is something that's incredibly exciting for us, but we'll see where it takes us,' Apple CEO Tim Cook said during a recent interview.
Cybercriminals have managed to infect PCs if the user so much as hovers over a hyperlink in a PowerPoint slide.
Don't let your fear of failure keep you from launching your small business.
If your Android-powered phone or tablet is lost or stolen, follow these steps to set up the Android Device Manager now.
Since its launch 7 years ago, Instagram has become one of the leading social media platforms for image-based content, with over 600 million active monthly users.
From high-tech (online videos) to no-tech (flyers and cold-calling), leave no stone unturned in your search for customers.
As well as domestic flights, dozens of airports spread across Europe, the Middle East, and Africa are also under consideration by Homeland Security.
Data is converted into a binary format and transmitted by flashing the LED activity lights while a nearby camera records their output.
Here's another reminder to be careful what you do online.
A new visa application form requests social media handles, but not passwords, from some applicants.
A hacker broke into systems for the 'US operating region' and stole sensitive user data
Google's machine learning model in Gmail 'selectively delays messages … to perform rigorous phishing analysis.'
The ban blocks access to Nintendo's online services due to the use of "unauthorized system modification."
Researchers from security firm Check Point said 'hundreds of millions' of devices running media players such as VLC, Kodi, Popcorn Time, and Stremio are at risk.
Google's advertisers will soon be able to measure the success of their online campaigns based on credit card transaction data from physical stores.
You may see a notice informing you about the recent privacy policy changes the next time you visit the microblogging service, if you haven't seen it already.
Numerous hospitals across Britain were affected by the ransomware, requiring them to shut down their IT systems and turn patients away.
Facebook pushed back on the report, but also admitted its research didn't follow the 'established process to review the research we perform.'
The practice of intercepting messages between Americans and foreigners that mention a terrorism suspect will end.
In the US, most requests come from search warrants and other court orders, although some are made using secret "national security letters."
The hacking group, known variously as Fancy Bear or Pawn Storm, uses sophisticated phishing attempts and targets victims seen as at odds with Russian interests, Trend Micro reports.
Flaws in the routers' firmware could let hackers access configuration settings and execute remote commands. Linksys said it's working on a patch.
Whole Foods will continue to operate stores under its existing brand, but it comes as Amazon is expanding its Amazon Fresh service with easier pickup and ordering.
We talked with Dave O'Connor, executive producer of the NatGeo series Year Million, about what you find when you follow technological evolution 10, 100, and even a million years out.
The installation mirrors how we trade privacy for entertainment.
Researchers are warning that e-cigarettes can be modified, without a ton of effort, to infect a victim's PC with malware.
After saying net neutrality is "not our primary battle," Netflix is rejoining the fight.
The Air Force's budget request has revealed that it would cost the government over $420 million per ULA launch by 2021.
There is no sign of the 3DS coming to the end of its life or being replaced with a successor.
Jamie Erlicht and Zack Van Amburg were also behind Netflix's 'The Crown' and Amazon's 'Sneaky Pete.'
Help us help you win a $100,000 immersive art grant.
Your vampire powers make it possible to kill easily in 1918 London, but in Vampyr, the game's characters will notice when someone comes up missing.