Apple AirPort not on latest 'Vault 7' list of gear susceptible to factory firmware hack by...

Posted:
in General Discussion edited June 2017
The latest dump of "leaked" documents from WikiLeaks reportedly from the CIA details the "Cherry Blossom" firmware modification program, which allowed intelligence agencies to change firmware in a networking company's factories -- but Apple AirPort hardware appears to be unaffected by the effort.




The latest dump from the "Vault 7" data details the program where the U.S. CIA was able to redirect a surveillance target's web traffic, scan for passwords, and monitor site visits from a penetrated router. The two methods of installing the package are either another undetailed tool called Claymore, or through a "supply-chain operation" in the factories or distribution chains themselves.

The document dump of files generated by the CIA from as late as 2012 claims that devices from Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics were susceptible to the attack vector. According to WikiLeaks, the Stanford Research Institute was a key partner in developing the CIA's tool.

A "Vault 7" dump surrounding Apple wireless networking equipment circulated in March. The "Harpy Eagle" project sought to penetrate the AirPort family of hardware, but failed with all efforts stymied by a combination of Apple's encryption efforts, and the company's custom hardware solutions.

There were no no fully functional or reliable exploits published that allowed the CIA to insert itself in a target's network through AirPort router hardware. Since the data dump's conclusion at the end of 2015, Apple has released four firmware updates for the hardware, further setting back the intelligence community's efforts.

Apple revealed after the initial data dump that it had patched most of the CIA's exploits in iOS 10.

The future of Apple's AirPort hardware is unclear. Internal departmental changes, reinforced by a report about Apple engineers now at eero, suggest that Apple has no plans to update its existing lineup of routers, including the AirPort Extreme, Time Capsule, and AirPort Express, but do not discount the possibility of the functionality being added to a different product. Apple's AirPort Express network extender and AirPlay audio target have not even been updated to the 802.11ac Wi-Fi specification, many years after release.

Without specifically confirming the dissolution of the AirPort hardware division, AppleInsider has been told by sources within Apple not authorized to speak on behalf of the company that the AirPort ecosystem back to the 802.11n version of the AirPort Extreme basestation would be made "as safe as possible for as long as possible."
gilly33
«134

Comments

  • Reply 1 of 63
    Mike WuertheleMike Wuerthele Posts: 4,967administrator

    Since I've got the keys tonight, we're leaving this thread open, as long as you all behave with each other and treat each other as reasonable human beings. 


    As a reminder, the news-item forum traffic is less than 5% of AI's traffic, and comments you leave are Google-searchable. Some of us work here -- so don't ruin it for us.

    edited June 2017 Macsplosioniqatedowatto_cobrabaconstangpatchythepirateradarthekat[Deleted User]propodGrimzahnpscooter63
  • Reply 2 of 63
    gilly33gilly33 Posts: 293member
    Glad to know Airport hasn't been exploited. Would be nice though to learn what Apple plans to do with the hardware. I have the flat AirPort Extreme. Not too long ago the Comcast modem/router was not playing nice with the AirPort Extreme and the Comcast techs were saying just use their router. I replied 'thanks but no thanks!' I'm happy with every Apple product I own. If only I had stock in the company now that would truly make my day. Lol. 
    jbdragonwatto_cobrabaconstangradarthekatargonautpscooter63razorpitdysamoriabshank
  • Reply 3 of 63
    razormaidrazormaid Posts: 299member
    If Apple knows this then why on Earth are they wanting to kill off Airport Extreme Routers?  I would probably be one of those who rushes out and buys them all up but that would be useless if Apple stop sending out firmware updates once it kills it off.  This doesn't make sense to me.  You'd think they would expand on Airport not kill it off.
    MacProbaconstangrazorpitdysamoria
  • Reply 4 of 63
    irelandireland Posts: 17,684member
    Makes you wonder who the bigger terrorists are.
    edited June 2017 viclauyycpropodargonautlongpathdysamoria
  • Reply 5 of 63
    StanWStanW Posts: 6member
    Yes it's so true about the AirPort Extreme Router. I have never had an issue with it and it works the best. I had ATT routers that were given to me free but they were useless. I don't understand why Apple wants to eliminate such excellent hardware.
    lolliverwatto_cobrapscooter63razorpitdysamoria
  • Reply 6 of 63
    rob53rob53 Posts: 2,101member
    ireland said:
    Makes you wonder who the bigger terrorists are.
    We all know the CIA is the largest terrorist organization in the world--and this isn't a political statement, it's a fact! Many Americans won't call them terrorists but everyone outside the USA will so the CIA is a terrorist organization to them.

    I do hope Apple is seeing and understanding the absence of a hack for their Airport routers. Simply build on what they already have and keep Apple customers safe. It's just a router, nothing more, so Apple could turn it into a hobby and just update it. They can stick it into their Siri box if they don't want to have a separate router, letting Siri configure it with voice instructions. 
    baconstangpropodargonautdysamoria
  • Reply 7 of 63
    irelandireland Posts: 17,684member

    As a reminder, the news-item forum traffic is less than 5% of AI's traffic, and comments you leave are Google-searchable. Some of us work here -- so don't ruin it for us.

    Can you elaborate? I’m a little confused by this.
    edited June 2017 razorpitStrangeDays
  • Reply 8 of 63
    rob53rob53 Posts: 2,101member

    gilly33 said:
    Glad to know Airport hasn't been exploited. Would be nice though to learn what Apple plans to do with the hardware. I have the flat AirPort Extreme. Not too long ago the Comcast modem/router was not playing nice with the AirPort Extreme and the Comcast techs were saying just use their router. I replied 'thanks but no thanks!' I'm happy with every Apple product I own. If only I had stock in the company now that would truly make my day. Lol. 
    I had the same problem with their new Technicolor gateway. It wouldn't let me put it in bridged mode to allow the use of my Airport. This is intentional because they want to control everything, including adding their slow as molasses xfinitywifi "public" WiFi hot-spot (public as long as you're a Comcast subscriber). I sent the stupid thing back, used my own cable modem then bought an older telephony modem so I could get the 2yr triple-play contract with 250Mbps speed for the same price as my current double-play at a slower speed without telephone service. The older telephony modem cost me $70 so it's paid for itself by not paying the $11/month rent for a garbage gateway.
    razorpit
  • Reply 9 of 63
    Mike WuertheleMike Wuerthele Posts: 4,967administrator
    ireland said:

    As a reminder, the news-item forum traffic is less than 5% of AI's traffic, and comments you leave are Google-searchable. Some of us work here -- so don't ruin it for us.

    Can you elaborate? I’m a little confused by this.
    Sure. 

    Stories where you guys get abusive with each other are down-ranked by Google SEO because of it. That said, we dig the forums, because you guys are (mostly) excellent, so we keep them open, despite taking far more than 5% of our daily labor.

    The last time we had a chat about Vault 7 stuff, it was civil, and on-topic, so I trust it can be that way again.
    edited June 2017 Macsplosioniqatedowatto_cobraradarthekatviclauyycargonautpscooter63dysamoria
  • Reply 10 of 63
    seanismorrisseanismorris Posts: 1,105member
    Has the code for the exploit been released (or how to do it) or was it just a description of the exploit?

    It sounds like you either need physical access to the router, or remote access -which is usually disabled by default.

    It's probably not safe to purchase any of these brands sold through middleman (Amazon/EBay, etc) from now on because they could have been tampered with.

    I bet the router manufacturers are fuming ; )

    These routers security has always been bad... now they're approaching unusable.



    watto_cobraradarthekatlongpath
  • Reply 11 of 63
    jdwjdw Posts: 800member
    Stories where you guys get abusive with each other are down-ranked by Google SEO because of it. That said, we dig the forums, because you guys are (mostly) excellent, so we keep them open, despite taking far more than 5% of our daily labor.
    I for one appreciate that clarification.  I've long wondered why this site was extraordinarily strict about its forums.  I never imaged the reason was SEO!  However, it would work the same at MacRumors too, I would think.  Nevertheless, they merely prevent people with fewer than 100 posts from commenting under their "political" articles.  

    I am pleased that AppleInsider leaves FaceBook comments open, even on politically-fired articles.  It's rather liberating to hope on FaceBook and post a comment when you can't do that here in this forum.

    All said, freedom can be abused, but it's worth it!  

    Thanks for the great site, articles and product reviews, Mike!  Best wishes to your team.
    watto_cobra
  • Reply 12 of 63
    I do not understand why Apple wants to kill AirPort, especially considering its appreciation for security and privacy.
    MacProwatto_cobralongpathdysamoria
  • Reply 13 of 63
    Mike WuertheleMike Wuerthele Posts: 4,967administrator
    jdw said:
    Stories where you guys get abusive with each other are down-ranked by Google SEO because of it. That said, we dig the forums, because you guys are (mostly) excellent, so we keep them open, despite taking far more than 5% of our daily labor.
    I for one appreciate that clarification.  I've long wondered why this site was extraordinarily strict about its forums.  I never imaged the reason was SEO!  However, it would work the same at MacRumors too, I would think.  Nevertheless, they merely prevent people with fewer than 100 posts from commenting under their "political" articles.  

    I am pleased that AppleInsider leaves FaceBook comments open, even on politically-fired articles.  It's rather liberating to hope on FaceBook and post a comment when you can't do that here in this forum.

    All said, freedom can be abused, but it's worth it!  

    Thanks for the great site, articles and product reviews, Mike!  Best wishes to your team.
    Appreciate it. Not sure what MR's forums are like monetarily, but I do know that I wouldn't want to hang out over there just based on behavior and attitude from what is in all likelihood a small proportion of users. I think they rely on a great deal of free labor -- even more than we do -- to deal with it.

    I do agree that most of the forum rabble-rousing here is caused by drive-by accounts, but they sometimes bring out the worst in people, leading to escalation.
    edited June 2017
  • Reply 14 of 63
    Mike WuertheleMike Wuerthele Posts: 4,967administrator

    Has the code for the exploit been released (or how to do it) or was it just a description of the exploit?

    It sounds like you either need physical access to the router, or remote access -which is usually disabled by default.

    It's probably not safe to purchase any of these brands sold through middleman (Amazon/EBay, etc) from now on because they could have been tampered with.

    I bet the router manufacturers are fuming ; )

    These routers security has always been bad... now they're approaching unusable.



    1) No code was released.
    2) You do need physical access to the router -- and they were getting it either in the factory, at retail, or before delivery.
    3) Probably.
    4) Probably.
    irelanddysamoria
  • Reply 15 of 63
    MacProMacPro Posts: 18,414member

    Since I've got the keys tonight, we're leaving this thread open, as long as you all behave with each other and treat each other as reasonable human beings. 


    As a reminder, the news-item forum traffic is less than 5% of AI's traffic, and comments you leave are Google-searchable. Some of us work here -- so don't ruin it for us.

    ROFL, not laughing at the sentiment, just the thought of everyone going home and you left there to lock up ;)
    edited June 2017 baconstangGeorgeBMacpscooter63
  • Reply 16 of 63
    maltzmaltz Posts: 148member
    Um... an Apple Airport Express is indeed on the list of compromised routers.  It's an older 802.11g model, but the entire document seems ancient.  There's not even a column for 802.11n, much less 802.11ac.  The compromised Apple router was probably current at the time this was written.  Are there *any* even remotely current routers on the list?  It seems rather naïve to be doing much bragging here.
    dysamoriarazorpit
  • Reply 17 of 63
    MacProMacPro Posts: 18,414member
    gilly33 said:
    Glad to know Airport hasn't been exploited. Would be nice though to learn what Apple plans to do with the hardware. I have the flat AirPort Extreme. Not too long ago the Comcast modem/router was not playing nice with the AirPort Extreme and the Comcast techs were saying just use their router. I replied 'thanks but no thanks!' I'm happy with every Apple product I own. If only I had stock in the company now that would truly make my day. Lol. 
    'Comcast' and 'Techs' used in the same sentence?   :o

    Seriously, I just hang the Apple gear off the Comcast box using ethernet and turn off the Comcast Wi-Fi.  Firstly because like you I love my Apple routers and secondly that Xfinity Public access stuff creeps me out!  I know you can disable it but none of our neighbors seem to know that.
    GeorgeBMac
  • Reply 18 of 63
    Mike WuertheleMike Wuerthele Posts: 4,967administrator
    maltz said:
    Um... an Apple Airport Express is indeed on the list of compromised routers.  It's an older 802.11g model, but the entire document seems ancient.  There's not even a column for 802.11n, much less 802.11ac.  The compromised Apple router was probably current at the time this was written.  Are there *any* even remotely current routers on the list?  It seems rather naïve to be doing much bragging here.
    The document is from 2012, and the 802.11g version of the Airport based on Apple hardware, and not a straight Broadcomm migration was long gone at that point

    The 802.11g AirPort was discontinued in 2008. More than half of the routers on the list from third parties were still actively shipping in 2012.
    edited June 2017 lolliverradarthekatdysamoria
  • Reply 19 of 63
    neebongneebong Posts: 12member
    Am i the only person to read the title quickly and go "Apple Airport??? I diddnt know Apple had an airport"

    /stupid
    dysamoria
  • Reply 20 of 63
    boltsfan17boltsfan17 Posts: 2,198member
    StanW said:
    Yes it's so true about the AirPort Extreme Router. I have never had an issue with it and it works the best. I had ATT routers that were given to me free but they were useless. I don't understand why Apple wants to eliminate such excellent hardware.
    I wish Apple would update the AirPort Extreme. Its hands down the best router I've ever owned. 
    lollivermike54dysamoriarazorpittallest skil
Sign In or Register to comment.