WikiLeaks has released documents detailing exploitation by US intelligence agencies of router vulnerabilities. The group, headed by Julian Assange, released the internal US Central Intelligence Agency (CIA) documents on 15 June.
The newest round of the Vault 7 leaks, a tranche allegedly taken from the CIA’s hoard of exploits, came with an allegation that the agency had been using the vulnerability for years to enslave routers.
WikiLeaks wrote in its disclosing blogpost that “such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium-sized companies as well as enterprise offices.”
The post added, “These devices are the ideal spot for ‘Man-In-The-Middle’ attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users.”
The leaked information comes from CherryBlossom, a joint project between the CIA and Stanford Research Institute. The documents detail the CIA’s modification of the router’s firmware which, dubbed FlyTrap, could monitor internet traffic and search for key pieces of information within it such as “email addresses, chat usernames, MAC addresses and VoIP numbers”.
Moreover, FlyTrap could be installed remotely and would even allow its controller to redirect internet traffic to arbitrary sites.
WikiLeaks’ documents detail the CIA’s attempts to exploit routers from a variety of manufacturers, such as D-Link and LinkSys.
Much has been made of the practice of vulnerability hoarding in the weeks following the WannaCry attack, which leveraged a vulnerability published by a group called the Shadow Brokers but was originally devised by a group purported to be linked to the National Security Agency (NSA). Intelligence agencies are widely regarded, and in some cases proven, to hoard vulnerabilities for their work.
The issue commonly sparks volatile reactions from government supporters as well as critics. However, the publication of these vulnerabilities by organisations such as WikiLeaks is also widely condemned.
The release of this router exploit is merely the latest in the series of Vault 7 dumps, allegedly taken from inside the CIA.
The first dump was called Dark Matter, which was designed to exploit Apple products. It was released by WikiLeaks as the maiden entry into a series of such dumps. Over the following few months, the group has released a new exploit roughly every week, with its most recent entry being Cherry Blossom.
This article originally appeared at scmagazineuk.com