CIA "Cherry Blossom" router spying

palmboy5
Site Administrator
Posts: 7477
Joined: Fri Jul 16, 2004 6:40 pm
Location: San Jose, CA

CIA "Cherry Blossom" router spying

#1 Post by palmboy5 » Fri Jun 16, 2017 5:30 pm

https://wikileaks.org/vault7/document/S ... pagination

List of supported router models includes the ever popular WRT54G/L, including DD-WRT...
For computers, buying cheaply and often will only leave you constantly in a world of shit.

Directive
Posts: 918
Joined: Tue Jul 20, 2004 7:36 am
Location: Upstate NY

Re: CIA "Cherry Blossom" router spying

#2 Post by Directive » Fri Jun 16, 2017 6:17 pm

Not sure what "Cherry Blossom FAT Procedures [CDRL-14]" means. I did a Google search and got results about removing double chins and trimming fat from your belly. My router is not on the list. I have a Netgear R6300v2. Should I be worried? :?
This is only my opinion, I could be wrong.
Motherboard - ASUS S500TD Chipset Intel® B660
Processor - 12th Gen Intel Core i5-12400 2.50 GHz(18M Cache, up to 4.4 GHz, 6 cores)
Ram - PNY 2x8GB (16GB total) DDR4 -1600 MHz
Video card - NVIDIA GeForce GTX 1050Ti - Base Clock 1290MHz, Boost Clock 1392MHz, Memory Clock 7008 MHz, 4GB GDDR5 128-bit
Display - VIZIO 32" E32-C1 YV @ 1080P 60Hz
Sound - Realtek High Definition Audio w/ Logitech X-540 5.1 speakers
Power Supply - 300W power supply (80+ Bronze, peak 350W)
HDD 1 - 512GB M.2 2280 NVMe™ PCIe® 4.0 SSD
HDD 2 - Western Digital WDC_WD10 1TB
Printer - Epson ET-3850
OS - Windows 11 Home x64


Re: CIA "Cherry Blossom" router spying

#3 Post by palmboy5 » Tue Jun 20, 2017 5:57 am

I'm going to assume that they have a way into most consumer routers, this specific exploit they used for these routers only being one of the leaked methods.

Cherry Blossom uses a vulnerability in the UPnP feature, so if you turn that feature off you should be relatively.. safer.

The real takeaway I had from this was that it worked against DD-WRT as well. That is the most scary because I can only assume that a more-or-less universal OS like DD-WRT would mean their method of exploit would work on ALL DD-WRT routers.

Re: CIA "Cherry Blossom" router spying

#4 Post by Directive » Tue Jun 20, 2017 6:16 pm

I am glad I asked. So it affects UPnP? I enable UPnP on some DVRs I install for network access. Is it all the router end or the device end?

Re: CIA "Cherry Blossom" router spying

#5 Post by palmboy5 » Wed Jun 21, 2017 1:51 am

https://arstechnica.com/security/2017/0 ... t=33505099
You should always disable UPnP on any router, IMO, unless you have a very good reason not to do so. Generally speaking, anything that allows a device to automatically adjust settings is a horrible security vulnerability waiting to happen. With how critical a router is to overall security of a network, it's a no-brainer to kill as much as possible.
Come to think of it, I don't remember turning UPnP off on mine. :rofl:
<UPDATE>was off already</UPDATE>

Of course, if they already got in your router while it was vulnerable, changing the setting after the fact is meaningless.

Re: CIA "Cherry Blossom" router spying

#6 Post by Directive » Wed Jun 21, 2017 6:30 pm

So, UPnP is only vulnerable at the router, not the device? Just to make sure, I can enable UPnP on a device and not the router and the device will still use it?
I am not too concerned about hacking. I do not broadcast my SSID, I am using firewalls, and I am looking into some kind of VPN. Plus the fact I am a nobody of no importance :)

Re: CIA "Cherry Blossom" router spying

#7 Post by palmboy5 » Wed Jun 21, 2017 11:23 pm

I don't use UPnP so I don't know much, but I doubt you were using or need the router to support UPnP. UPnP traffic between devices should work regardless of what the router is set to do. AFAIK
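
A check related to the router-versus-device question in posts #6 and #7, as an added example that is not part of any post in this thread: it sends a standard SSDP search on your own LAN and reports which responders advertise the Internet Gateway Device (IGD) service, the router-side piece of UPnP that accepts automatic port-mapping requests. The sample replies and addresses are constructed for illustration.

```python
import socket
from urllib.parse import urlparse

SSDP_ADDR = ("239.255.255.250", 1900)
M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
# Device/service types that identify router-side UPnP (port mapping).
GATEWAY_MARKERS = ("internetgatewaydevice", "wanipconnection", "wanpppconnection")
SAMPLE = [  # constructed replies: one router (IGD), one media server
    b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    b"LOCATION: http://192.168.1.50:8200/desc.xml\r\n\r\n",
]

def parse_ssdp(datagram: bytes) -> dict:
    """Parse one SSDP search reply (HTTP-style headers over UDP) into a dict."""
    lines = datagram.decode("utf-8", "replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}  # NOTIFY announcements and junk are ignored
    pairs = (line.partition(":") for line in lines[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def is_gateway(headers: dict) -> bool:
    blob = (headers.get("st", "") + headers.get("usn", "")).lower()
    return any(marker in blob for marker in GATEWAY_MARKERS)

def gateways(datagrams) -> list:
    """Return the sorted hosts whose replies advertise router-side UPnP."""
    hosts = set()
    for raw in datagrams:
        headers = parse_ssdp(raw)
        if is_gateway(headers):
            hosts.add(urlparse(headers.get("location", "")).hostname or "unknown")
    return sorted(hosts)

def discover(timeout: float = 3.0) -> list:
    """Send one M-SEARCH on the local network and collect the raw replies."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, SSDP_ADDR)
        try:
            while True:
                replies.append(s.recvfrom(65507)[0])
        except socket.timeout:
            return replies

if __name__ == "__main__":
    print(gateways(discover()))  # empty list: no IGD answered on this LAN
```

Run it before and after changing the router's UPnP setting; other UPnP devices on the LAN may still answer the search, but only IGD responders are listed.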


Re: CIA "Cherry Blossom" router spying

#8 Post by Directive » Thu Jun 22, 2017 5:44 pm

:thumb: