Routers sit at the front gate of nearly every network, offering total access and few security measures to prevent remote attacks. If you can compromise someone’s router, you’ve got a window into everything they’re doing online.
According to new documents published by WikiLeaks, the CIA has been building and maintaining a host of tools to do just that. This morning, the group published new documents describing a program called Cherry Blossom, which uses a modified version of a given router’s firmware to turn it into a surveillance tool. Once in place, Cherry Blossom lets a remote agent monitor the target’s internet traffic, scan for useful information like passwords, and even redirect the target to a desired website.
The document is part of a series of publications on CIA hacking tools, including previous modules targeting Apple products and Samsung Smart TVs. As with previous publications, the document dates to 2012, and it’s unclear how the programs have developed in the five years since.
A diagram from the Cherry Blossom manual
The manual describes different versions of Cherry Blossom, each tailored to a specific brand and model of router. The pace of hardware upgrades seems to have made it arduous to support each model of router, but the document shows the most popular routers were accessible to Cherry Blossom.