Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
5.25 (U) Viewing Upgrade Alerts
(S) To view alerts related to owner-attempted upgrades, click the “View Upgrade
Alerts” menu link (see Figure 46).
Figure 46: Cherry Web View Upgrade Alerts Page
(S) The table lists upgrade alert info, including the Flytrap on which the upgrade event
occurred, time of the event, client MAC and IP address of client that triggered the event,
and event type:
• Upgrade page visited indicates that the owner navigated to the device’s firmware
upgrade page
• Upgrade attempted indicates that the owner attempted to upgrade the firmware.
In the case of a Flytrap configured with the Firmware Upgrade Inhibit option, the
Flytrap will only send an “upgrade attempt” Upgrade Alert in the case where the
owner has somehow subverted the Upgrade Inhibit. In other words, when
operating as designed, the Upgrade Inhibit option prohibits the owner from
performing a detectable upgrade attempt action. In the case of a Flytrap without
the Firmware Upgrade Inhibit option, an “upgrade attempt” Upgrade Alert would
likely signal the loss of the implant.
60
View
Upgrade Alerts