Network equipment maker Linksys has issued an advisory based on the latest Wikileaks “Vault 7” releases. The advisory warns customers of a CIA firmware implant called “CherryBlossom” that has reportedly infected the company’s older routers.
Wikileaks released details of the CherryBlossom project a week ago. The firmware turns at least 25 models of commonly-used home routers into surveillance devices. According to Linksys, its purpose is to monitor, control and manipulate all incoming and outgoing traffic. It also permits the infection of other connected devices.
Linksys warned that the firmware can be loaded onto a router through physical access to the device and through proximity to it over Wi-Fi. Hardware may also be intercepted in transit before delivery to the end user.
The company has published a firmware update to rid its devices of the compromise. It advises customers to install the update, perform a factory reset, and disable features like Guest Access and Universal Plug and Play (UPnP) if they’re not being used.
Companies Defending Customers Against the Government
It’s interesting to see large companies responding to “illegally” leaked documents simply to protect their customers. It’s a bizarre landscape where U.S. companies list ways for their customers to defend themselves against being “infected” and “compromised” by the U.S. federal government.
Although the advisory avoids language like “CIA”, “malware” and “attack”, it’s clear the adversary in this case is a government agency. It’s hard to recall any time in history where a similar situation has existed.
Government Hacking Tools Linked to Ransomware Attacks
The so-called “Vault 7” projects have only been public knowledge since Wikileaks began publishing them in March this year. The trove of information contains details and manuals for a number of surveillance tools believed to originate from the CIA.
As well as CherryBlossom, there are other ominously-named tools, such as the Windows hacking techniques “Brutal Kangaroo” and “Pandemic” and the Samsung smart TV implant “Weeping Angel”.
The CIA, Wikileaks claimed, has “lost control” of most of its hacking tools. Wikileaks did not publish any of the CIA’s actual software tools, but an underground group called the Shadow Brokers has been releasing similar tools from the NSA. The massive “WannaCry” ransomware attacks in May were a direct result of the Shadow Brokers’ release.
What do you think of the CIA hacking consumer electronics? Let’s hear your thoughts.