15 June 2017 || Wired
Your Wi-Fi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers. Including, according to a new WikiLeaks release, the CIA.
On Thursday, WikiLeaks published a detailed a set of descriptions and documentation for the CIA’s router-hacking toolkit. It’s the latest drip in the months-long trickle of secret CIA files it’s called Vault7, and it hints at how the agency leverages vulnerabilities in common routers sold by companies including D-Link and Linksys. The techniques range from hacking network passwords to rewriting device firmware to remotely monitor the traffic that flows across a target’s network. After reading up on them, you may find yourself itching to update your own long-neglected access point.
According to the leaked documentation, the CIA’s router-hacking killchain seems to start with a tool called Claymore, which can scan a network to identify devices and then launch the CIA’s router-hacking exploits. The leaked files cite two specific exploits, named Tomato and Surfside. Tomato appears to target vulnerabilities in at least two routers sold by D-Link and Linksys, and is designed to steal those devices’ administrative passwords. The files also note that at least two other routers sold by Linksys could be targeted with Tomato after a few more “manweeks” of development.