Posted on June 16, 2017 at 2:52 PM
A new disclosure by WikiLeaks has put the American Central Intelligence Agency (CIA) in the spotlight for all the wrong reasons yet again. This time it is reported that the CIA has devised a way to gain access to individuals' routers without their consent or knowledge.
A detailed description of the method was published by WikiLeaks. It is just one of the many files uncovered and made available on the CIA's intrusive methods; it shows how the agency takes advantage of weaknesses in routers sold by companies like D-Link and Linksys. The approach runs from breaking the network password to reconfiguring the firmware so that the agency gains remote access and can monitor the traffic flowing across the targeted network.
Routers make an attractive target for attackers, the CIA included, because they leave virtually no signs after they have been compromised. This much was pointed out by Matthew Hickey, a security researcher and the person behind Hacker House. He went on to say that the implication is that whatever you may be doing, the CIA is watching.
The published information showed that the CIA's router-breaching kill chain began with a tool called Claymore. This tool scans for devices and then deploys the CIA's router-hacking tactic. The report named two attack scenarios, Surfside and Tomato.
Tomato appears to attack vulnerabilities in routers retailed by D-Link and Linksys; it is designed to steal the devices' passwords. The report further indicated that at least two other routers retailed by Linksys could be targeted with Tomato after a few more weeks of development.
However, the published material does not clearly explain Surfside, or even Tomato's modus operandi, but it indicated that Surfside may abuse a protocol called UPnP, whose security liabilities experts have been warning about for some time.
It is, however, not yet clear whether these loopholes still exist in the devices or whether they have been remediated. Even if a patch has been made available, the difficulty of getting users to upgrade router firmware means that loopholes may go unaddressed for a long while. It was also noted that the router's administrative password is always printed on the back of the router; for models on which Surfside would not work, physical access could serve instead.
With this access, a CIA operative could easily install the agency's own software, called Flytrap, on the individual's router. That malware can watch the person's browsing, strip the SSL encryption from visited web links, and possibly inject other exploits into the traffic. A further firmware component named CherryTree serves as the command and control system for the breached devices.
It should, however, be noted that, given the typical weakness of the average home router, a breach by the CIA should not really surprise anyone. Considering that almost every home uses a router, and that there is no reliable way to detect such an intrusion, this makes it a very quiet way to invade someone's privacy.