Skip to main content

Wikileaks release reveals CIA broke into many popular wireless routers

wikileaks release reveals cia router hacking tool flag
Wikileaks and its cache of CIA documents are making the news again, this time concerning an agency tool that is used to hack into a variety of the most popular Wi-Fi routers. Apparently, the tool allowed the CIA to break into routers and perform a variety of surveillance and other functions for years now, ZDNet reports.

The documents, which could not be immediately verified, are part of an ongoing series of leaks released by the website WikiLeaks.

Dubbed “Cherry Blossom,” the hacking tool was able to attack around 25 routers from a variety of manufacturers in 2012. According to a document titled “Cherry Bomb: Cherry Blossom (CB) User’s Manual,” the tool can essentially be injected into the router’s original firmware and then a new version with CB implanted can be used to upgrade the router.

According to the document:

“As of August 2012, CB-implanted firmware can be built for roughly 25 different devices from 10 different manufacturers (including Asus, Belkin, Buffalo, Dell, Dlink, Linksys, Motorola, Netgear, Senao, and US Robotics), although only 7 devices have undergone the formal FAT procedure … Additionally, the CB implant has been built for a few Motorola WiMax devices under the Roundhouse project.”

CB allowed the CIA to perform a number of functions once a router was compromised, all included under the general category of creating a “Flytrap.” A Flytrap is defined in the document as “a wireless device that has been implanted with CB firmware,” and it can do everything from hiding its presence, to sending a beacon reporting its status and security settings, to committing suicide if it cannot send a beacon.


Once it is up and running, the Flytrap can harvest email addresses and chat users, redirect browsers to whatever site the CIA desires, and more. All of this can be targeted by a user’s email address, geolocation, wireless adapter address, chat usernames, and voice-over-IP (VoIP) phone numbers. Simply put, a router that has been compromised by CB become a fairly powerful tool that allows the CIA to direct a target’s internet usage and gather significant amounts of information.

There are many additional details in the leaked document, and as ZDNet points out there is no indication of whether the CIA is still using Cherry Blossom. Router vulnerabilities are well-documented lately and in a twist of irony, the Federal Trade Commission (FTC) has been active in pushing router manufacturers to improve their security. In the meantime, the best that users can do is make sure that their routers are updated with the latest firmware and then hope that the manufacturers are doing their jobs in making them more secure.

Editors' Recommendations