A new batch of confidential “Vault 7” documents, leaked by the non-profit whistleblower organization WikiLeaks, has revealed that the United States Central Intelligence Agency has been hacking routers from major brands for years, turning them into surveillance devices.
The reported “Cherry Blossom” tool can modify a router’s firmware without a victim’s knowledge, giving the attacker a wide range of capabilities like eavesdropping on network traffic, gathering passwords, scanning for email addresses and phone numbers and more.
The attacker even has the power to redirect an unsuspecting user to a particular website, including government-created webpages used for phishing purposes.
Once a router is infected, the backdoor remains functional even after the router is updated to a newer firmware version, so long as the router’s underlying hardware or operating system has not changed.
The hack cannot be deployed remotely. Instead, the CIA can install it on a target router using its Claymore tool or by side-loading a compromised firmware using supply chain tactics (intercepting the target device between the factory and the end user).
According to ZDNet, the documents reveal that the “Cherry Blossom” hack supports more than two dozen router models from major manufacturers.
The affected router brands include Asus, Belkin, Buffalo, Dell, D-Link, Linksys, Motorola, Netgear, Senao and US Robotics. Apple’s AirPort devices don’t seem to be among them, but the fact that they’re not listed doesn’t mean that the CIA hasn’t hacked Time Capsule and AirPort devices.