WikiLeaks reveals list of home Wi-Fi routers that may be vulnerable to CIA hacking tools

Is your home Wi-Fi router on the list?


Ransomware and malware programs are growing, the safest of all MacOs are being infected, email client are being hacked, and the list of vulnerabilities is just growing longer. And for the past few months, the WikiLeaks has also been publishing a list of documents that describe a plethora of hacking tools, which it claims belongs to the US Central Intelligence Agency (CIA). And the latest document shared by WikiLeaks, was published on June 15, and it reveals a number of tools that can be used to hack into home Wi-Fi routers.

“CB [CherryBlossom] maintains an information database of wireless network devices in the “WiFi Devices.xls” document. This database contains information about hundreds of network devices, including manufacturer, make, model, version, reference design, FCC ID, network processor, wireless chipset, operating system, default username/password, etc. It also contains firmware analysis information about exact make, model, hardware versions, and firmware versions supported by CB,” Quatz quoted from the WikiLeaks report.

Essentially, if your Wi-Fi router is virtually broken into, the hacker can get access to your internet activity on networks that use the routers they infect. The tool in the said list have been referred to as “CherryBlossom”, which infect routers by identifying their make and model, which helps them in injecting malicious firmware into them. And the most dangerous bit of such a hack is that, when successful, it becomes nearly impossible to detect them, because such malware infect the hardware itself and is not something anti-virus software is capable of checking. ALSO READ: Apple Mac users are being warned of a new ransomware and spyware program

Coming back to the document, which reportedly belongs to the CIA, also consists of a list of routers and access points, some of which are more than five years old. The first list of devices, titled “WiFi Devices,” is described in the CherryBlossom user manual. Now, while it’s clear that the CherryBlossom project targeted the mentioned list of routers, however, it still remains unclear if they have actually been successfully compromised.

  • Allied Telesyn: AT-WA1004G, AT-WA7500, AT-WL2411
  • Ambit: (No models specified)
  • AMIT, Inc: WIS418, WQS418, WUC128
  • ANI Communications: (No models specified)
  • Apple: AirPort Express
  • Asustek Co: WL-160g, WL-300, WL-300g, WL-330, WL-330g, WL-500b, WL-500g
  • Belkin: F5D7230-4
  • Breezecom: AP-10, AP-10D, BU-DS.11, BU-DS.11D, DS.5800 Base Unit, RB-DS.11, RB-DS.11D, SA-10, SA-10D, SA-40, SA-40D, WB-10, WB-10D
  • Cameo: WLB-2006_2007, WLB-2203/2204, WLG-2002/2003, WLG-2204/2205
  • D-Link: AP Manager or D-View SNMP management module?, DCS-2100+, DCS-3220G, DCS-5300G, DCS-5300W, DI-514, DI-524, DI-624, DI-714P+, DI-774, DI-784, DI-824VUP, DP-311P, DP-311U, DPG-2000W, DP-G310, DP-G321, DSM-320, DVC-1100, DWL-1000AP+, DWL-120, DWL-1700AP, DWL-1750, DWL-2100AP, DWL-2200AP, DWL-7000AP, DWL-7100AP, DWL-800AP+, DWL-810+, DWL-G700AP, DWL-G730AP, DWL-G800AP, DWL-G810, DWL-G820
  • Epigram: (No models specified)
  • Gemtek: WADB-100G, WHAPC-100GE 11G, WHRTC-100GW, WX-1500, WX-1590, WX-1600, WX-1688, WX-2214, WX-2501, WX-5520A, WX-5520G, WX-5525G, WX-5525R, WX-5541, WX-5545, WX-5551, WX-5555, WX-5800, WX-5801, WX-5803
  • Global Sun: CM054RT, WL AP 2454 NM0, WL AP 2454 QA0, WL AP 2454 QA3, WL MU 2454 13I0, WL RT 2454 NM0, WL RT 2554 QA0, WL UD 2454 13I0
  • Hsing Tech: (No models specified)
  • Linksys: BEFW11S4, WAP11, WAP51AB, WAP54G, WAP55AG, WCG200, WET54G, WET54GS5, WGA11B, WGA54G, WMA11B, WMLS11B, WPG12, WPG54G, WPS11, WPS54GU2, WRE54G, WRT54G, WRT54GP2, WRT54GS, WRT55AG, WRV54G, WVC11B, WVC54G
  • Motorola: WR850G
  • Orinoco: AP-2000 Access Point, AP-2500 Access Point, AP-4000 Tri-Mode Access Point, AP-600 Access Point, Orinoco AP-700, Tsunami MP.11, Tsunami QuickBridge 11, Tsunami QuickBridge 20, Tsunami QuickBridge 60
  • Planet Tec: WAP-1963A, WAP-4030, WRT-413, WAP-1963, WAP-1966, WAP-4000, WAP-4050, WAP-5000, WAP-5100, WL-U356, WRT-403, WRT-410
  • RPT Int: (No models specified)
  • Senao: 5GHz/2.4GHz Dual Band Wireless Access Point, Aries2, Dual Band Wireless Access Point, Long Range Wireless Dongle, Long Range Wireless Outdoor Client Bridge, NL-2511AP PRO PLUS, NL2511SR Plus, NL2511SR Plus(A), NL-2611AP3 PLUS, NL-3054CB3 PLUS, Outdoor Wireless Access Point/Router, Outdoor Wireless Bridge, SL2511SR Plus, Wireless 11g Broadband Router, Wireless Multi-Client Bridge/Access Point
  • US Robotics: USR5420, USR5430, USR5450, USR8054
  • Z-Com: XG-1100, XG-2000, XG-3020, XG-580, XG-580Plus, XG-581, XG-582, XI-1450, XI-1500, XI-1510

Now, the reason why this list is pertinent to our readers in India as well, is that no hack is local anymore. It’s not just trade and travel that is global, but also vulnerabilities and hacks. And therefore it is never a bad idea to update your home router’s firmware, as these devices stand on the front line of your digital security. And in case your device is on the list, you must immediately flash your firmware. To do so, simply search the internet for your router’s make and model with the keyword “firmware,” and follow your vendor’s instructions. ALSO READ: Thailand Clickfarm bust: 3 men caught with 474 iPhones, 10 computers and 347,200 SIM cards

Further, according to WikiLeaks, the CherryBlossom release, also documents ways to target seven specific routers for use with “Flytrap”, which is a tool CherryBlossom uses to “beacon over the Internet to a Command & Control server referred to as the CherryTree.” The CherryBlossom documents included firmware flashing instructions labeled “Flytrap” for each of these router models.

  • Belkin: F5D8231
  • DLink: DIR130
  • Linksys: WRT320N, WRT54G, WRT300N, WRT54GL, WRT54GL
  • Published Date: June 19, 2017 5:31 PM IST