
CIA "Cherry Blossom" router spying

Posted: Fri Jun 16, 2017 5:30 pm
by palmboy5
https://wikileaks.org/vault7/document/S ... pagination

List of supported router models includes the ever popular WRT54G/L, including DD-WRT...

Re: CIA "Cherry Blossom" router spying

Posted: Fri Jun 16, 2017 6:17 pm
by Directive
Not sure what "Cherry Blossom FAT Procedures [CDRL-14]" means. I did a Google search and got results about removing double chins and trimming fat from your belly. My router is not on the list. I have a Netgear R6300v2. Should I be worried? :?

Re: CIA "Cherry Blossom" router spying

Posted: Tue Jun 20, 2017 5:57 am
by palmboy5
I'm going to assume that they have a way into most consumer routers, this specific exploit they used for these routers only being one of the leaked methods.

Cherry Blossom uses a vulnerability in the UPnP feature, so if you turn that feature off you should be relatively.. safer.

The real takeaway I had from this was that it worked against DD-WRT as well. That is the most scary because I can only assume that a more-or-less universal OS like DD-WRT would mean their method of exploit would work on ALL DD-WRT routers.

Re: CIA "Cherry Blossom" router spying

Posted: Tue Jun 20, 2017 6:16 pm
by Directive
I am glad I asked. So it affects UPnP? I enable UPnP on some DVRs I install for network access. Is it all the router end or the device end?

Re: CIA "Cherry Blossom" router spying

Posted: Wed Jun 21, 2017 1:51 am
by palmboy5
https://arstechnica.com/security/2017/0 ... t=33505099
You should always disable UPnP on any router, IMO, unless you have a very good reason not to do so. Generally speaking, anything that allows a device to automatically adjust settings is a horrible security vulnerability waiting to happen. With how critical a router is to overall security of a network, it's a no-brainer to kill as much as possible.
Come to think of it, I don't remember turning UPnP off on mine. :rofl:
<UPDATE>was off already</UPDATE>

Of course, if they already got in your router while it was vulnerable, changing the setting after the fact is meaningless.

Re: CIA "Cherry Blossom" router spying

Posted: Wed Jun 21, 2017 6:30 pm
by Directive
So, UPnP is only vulnerable at the router, not the device? Just to make sure, I can enable UPnP on a device and not the router and the device will still use it?
I am not too concerned about hacking. I do not broadcast my SSID, I am using firewalls, and I am looking into some kind of VPN. Plus the fact I am a nobody of no importance :)

Re: CIA "Cherry Blossom" router spying

Posted: Wed Jun 21, 2017 11:23 pm
by palmboy5
I don't use UPnP so I don't know much, but I doubt you were using or need the router to support UPnP. UPnP traffic between devices should work regardless of what the router is set to do. AFAIK

Re: CIA "Cherry Blossom" router spying

Posted: Thu Jun 22, 2017 5:44 pm
by Directive
:thumb: