Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
9.25 (U) Viewing Upgrade Alerts
(S) To view alerts related to owner-attempted upgrades, click the “View -> Upgrade
Alerts” menu link (see Figure 49).
Figure 49: Cherry Web View -> Upgrade Alerts Page
(S) The table lists upgrade alert info, including the Flytrap on which the upgrade event
occurred, time of the event, client MAC and IP address of client that triggered the event,
and event type:
• Upgrade page visited indicates that the owner navigated to the device’s firmware
upgrade page
• Upgrade attempted indicates that the owner attempted to upgrade the firmware.
In the case of a Flytrap configured with the Firmware Upgrade Inhibit option, the
Flytrap will only send an “upgrade attempt” Upgrade Alert in the case where the
owner has somehow subverted the Upgrade Inhibit (i.e., the Upgrade Inhibit
option prohibits the owner from performing a detectable upgrade attempt action).
In the case of a Flytrap without the Firmware Upgrade Inhibit option, an “upgrade
attempt” Upgrade Alert would likely signal the loss of the implant.
101
SECRET//20350112
View ->
Upgrade Alerts