A project established by the CIA’s Information Operations Agency Embedded Development Branch to explore and exploit security vulnerabilities on Apple Airport Extreme and Time Capsule networked devices. HarpyEagle is used to gain root access on an Apple Airport Extreme and Time Capsule via local and/or remote means to install a persistent rootkit into the flash storage of the devices.
The HarpyEagle project includes a set of related software tools, not all of which are original to the CIA:
BadUSB - taken from a paper and talk concerning a vulnerability of USB firmware. CIA developers explored this as a possible vector for infecting target devices via USB thumbdrives.
USBRubberDucky - a Keyboard Injection Tool that operated on USB keyboard emulation.
Facedancer21 - a client for keyboard emulation to send keystrokes to a host computer as if you typed into a keyboard. It’s likely based off the USB Rubber Ducky.
GoodFET - “a nifty little tool for quickly exposing embedded system buses to userland Python code.”
Products sold by OpenVault are for entertainment and educational purposes only. Customer’s are purchasing a physical copy of digital artwork (Software box).