
Vault 7: details of tools for hacking routers dumped

WikiLeaks has released documents from the CIA that show the spy agency was, for years, building and maintaining tools to hack into commonly used routers. The dump is part of the Vault 7 series that the whistle-blowing site began releasing on 7 March.

The CIA programme was called Cherry Blossom and it developed firmware that could be implanted in wireless networking devices, including access points and routers.

One of the manuals says: "An implanted device can then be used to monitor the Internet activity of, and deliver software exploits to, targets of interest. It should be noted, however, that the CBlossom architecture does not limit itself to wireless devices – in general, wired network devices could be implanted/compromised in the same fashion to achieve the same goals."

The documents released date back to 2012.

Four ways of getting the implants onto routers are outlined. One is to use the firmware upgrade Web page over a wireless link, a technique that does not need physical access but generally needs an administrator password.

The second method is to use a wireless upgrade package as some devices do not allow firmware upgrades over wireless links.

A third means is to use what the CIA calls a Claymore Tool, a survey, collection, and implant tool for wireless (802.11/WiFi) devices that first tries to determine device makes/models/versions in a region of interest. The collection function is used to capture wireless traffic. The implant function can perform wireless firmware upgrades and incorporates the exploitation tools.

Finally, there is the firmware upgrade Web page over a wireless link, a technique that is described as being likely to be used in a supply chain operation. Presumably, this means the implant was done with the co-operation of the manufacturer.

The documents show firmware was created for a long list of networking devices. The manufacturers include Aironet/Cisco, Allied Telesyn, 3Com, Accton, AMIT, Asustek, Belkin, Breezecom, Cameo, D-Link, Gemtek, Global Sun, Linksys, Motorola, Orinoco, Planet Tec, Senao, US Robotics and Z-Com.

It is unclear whether the programme is still running today.




Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

