June 16th, 2017: Yesterday, a Wikileaks release showed that Wifi routers are susceptible to hacking using tools created by the CIA. According to Wired:
Your Wifi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers. Including, according to a new WikiLeaks release, the CIA.
Wikileaks released a detailed account of the CIA router hacking toolkit. According to the document, the CIA has been hacking into routers for years and using them to spy on device owners.
Wikileaks has been posting secret CIA files for months, in a package called Vault7. In this latest release, we can see how the agency has been exploiting certain vulnerabilities found in common household routers sold by companies such as D-Link and Linksys.
How Will This Affect You?
You may say, “Okay, so the CIA can spy on me. I’m not doing anything wrong, so I have nothing to worry about, right?” Unfortunately, it is not just the CIA you have to worry about.
When exploits like these are leaked to the world, they become fair game to cybercriminals. A criminal hacker can now use government surveillance tools to steal your data or blackmail you. These tools can do a lot of damage when they fall into the wrong hands as they did with the WannaCry attack.
How Do They Do It?
The process of hacking begins with a tool known as Claymore, which scans the network for devices. Next, the leaked files mention two exploits that are used to gain access to the router: Tomato and Surfside.
Surfside isn’t discussed in great detail. While the leaks do not explicitly tell us how Tomato works, we do know what it does. It targets the administrative passwords of the devices.
Tomato specifically targets two different known vulnerabilities in at least two routers sold by D-Link and Linksys. In the files, it also states that the with a few more weeks of developing the exploit, Tomato will be able to target two other Linksys routers. It is unclear if the manufacturers have patched the vulnerabilities.
Another problem with router security is the physical device itself. Many have the administrative passwords stuck onto the back of the device, so if these exploits don’t work, the desired effect can be reached through physical access.
The next step is for the hackers to use these obtained credentials to install their firmware onto the router. This advanced firmware called CherryBlossom is a surveillance tool. It allows the agency to monitor your internet activity and scan for personal information.
What Is The Solution?
As we have said many times, routers just do not provide enough protection for your home. The reason that routers make such a great target for hackers is that once they’ve been hacked, they show no signs that they had been compromised. There is literally nothing to notify you that your home’s router is being hacked. You continue to use the internet as usual, except now the hacker can see everything you are doing.
You can protect yourself from a violation of privacy by making sure to patch your router at home. Routers are not secure devices and can offer unauthorized parties access to your most critical, sensitive data. Antivirus software does not protect routers, making it obsolete in this scenario.
There have been other cases where it was proven that the CIA had been hacking into Smart TVs via a tool called Weeping Angel. This hack would turn your television into a live microphone, further showing us just how unsafe internet connected household devices are.
This is where CUJO can help. CUJO smart firewall identifies, notifies you, and blocks any malicious traffic anywhere on your network. It does what traditional Antivirus software and routers cannot do: to protect all internet-connected devices in your home from prying eyes that are looking to steal your data and privacy.