WikiLeaks is back again with a stash of "leaked" documents. The latest Vault 7 data extracted from the CIA is about the "Cherry Blossom" firmware modification program.
The firmware modification program enabled intelligence agencies to modify the firmware in a networking company's factories. However, the modification program seems to be ineffective for Apple AirPort router hardware. The Vault 7 reports that with the help of the program, CIA was able to modify surveillance target's web traffic, extract passwords, and track website visits through the hacked router. The program uses the tool "Claymore" to install the package on target's system or router. Another method is through a "supply-chain operation" in the factories.
The documents revealed by the Vault 7 include files that were generated by the CIA in the year 2012. According to the report, devices like Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics were penetrated by the hack program. All these devices were susceptible to the attack. According to the report by WikiLeaks, the key partner in developing the tool for CIA was Stanford Research Institute.
Apple wireless networking equipment was earlier reported to be insusceptible to the "Harpy Eagle" project that was created to penetrate through Apple AirPort hardware. The project failed to get through Apple's network hardware. All the hack efforts were blocked by the combination of Apple's sophisticated encryption and custom hardware model. Even now, the CIA has no reliable program to target Apple's AirPort router hardware. It means that if the CIA target uses network through Apple's AirPort router hardware, then it is not possible for the intelligence agencies to bug his router.
Apple Tightened Security
Since the Vault 7's data dump from 2015, Apple has tightened its security efforts. The Cupertino giant released four firmware updates to keep block the efforts of intelligence agencies. The company also revealed that after the initial reports from WikiLeaks, it had patched many CIA exploits for iOS 10.
As good as Apple's current efforts sound, but the future does not look as certain for the current lineup of routers including AirPort Extreme, Time Capsule, and the AirPort Express. However, there is a possibility for other Apple products getting the same level of security firewall. The AirPort Express network extender and AirPlay audio target are yet to get an update to the 802.11ac Wi-Fi specification.
