Routers under CIA check thanks to Cherry Blossom

Wikileaks in its latest report talks about a new spying tool used by the CIA that takes control of users' routers

The latest Wikileaks report, as if the previous ones were not enough, puts even more anxiety to Net users worried about their privacy. According to recent revelations, the CIA, thanks to a hacking tool called Cherry Blossom, can turn our routers into spy devices.

The firmware would have been inserted in a clandestine manner in most of the modems and routers currently in circulation. Wikileaks has spoken of dozens of models and manufacturers involved in this new scandal. Moreover, experts let it be known that the Cherry Blossom spying tool can also be added to devices that are not yet infected. To do so, CIA hackers use a fairly old and open source exploit code, called Tomato. The system acts very similar to the famous hacker attack called "Man in the Middle".

How it works

For those unfamiliar with the term in cryptography and computer security, man in the middle (often abbreviated to MITM, MIM, MIM attack or MITMA), in Italian "man in the middle", is a cyber attack in which someone secretly relays or alters communication between two parties who believe they are communicating directly with each other. According to Wikileaks, the CIA in the last period has increased the number of infected routers and according to the first figures there are at least a hundred cases of the attack. Once taken possession of the victim's router, the CIA uses this tool to monitor the navigation and the conversations on the Net. At the same time it can also read emails and manage incoming calls via VoIP. The main problem with this attack is that it acts using encryption. Every conversation stolen or monitored by the CIA is encoded in such a way that it is impossible to tell whether the router has been subjected to the attack in question or not. A scenario from a conspiracy book or movie. Meanwhile, Wikileaks has informed that the hacker attack would have been generated for the CIA by the Stanford Research Institute (SRI International), a non-profit company, at least on paper.