Wikileaks has published its latest “Vault 7” batch of leaked CIA documents, which include details of the U.S. spy agencies “Cherry Blossom” firmware modification program. The program modifies router firmware to turn the devices into tools to be used for surveillance.
While the documents list a number of manufacturers who have had router firmware modified, Apple’s Airport routers seem to have dodged a bullet. Previously leaked documents have indicated the agency has targeted iOS and Mac devices in the past.
Once “Cherry Blossom” has been installed, the program can be used to monitor users’ internet traffic, search for passwords, and even redirect a target to a particular website.
The manual also describes how CIA agents might install the modified firmware. “In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation.” While documents have not been made public that detail the “Claymore” tool, the latter tactic refers to the practice of intercepting the target device somewhere between the factory and the end user.
While Apple’s Airport routers do not appear on the list, a number of network products that can be hacked using the Cherry Blossom firmware were listed. They include: Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics.
The document leaked this week carries a 2012 date, so the CIA have likely modified their hacking methods and/or hacking targets since then.