A new batch of confidential “Vault 7” documents, leaked by the non-profit whistleblower organization WikiLeaks, has revealed that the United States Central Intelligence Agency has been hacking routers from major brands for years, turning them into surveillance devices.

The reported “Cherry Blossom” tool can modify a router’s firmware without a victim’s knowledge, giving the attacker a wide range of capabilities like eavesdropping on network traffic, gathering passwords, scanning for email addresses and phone numbers and more.

The attacker even has the power to redirect an unsuspecting user to a particular website, including government-created webpages used for phishing purposes.

Once infected, the backdoor remains functional even after a router is updated to a newer firmware version, so long as it has not changed its underlying hardware or operating system.

The hack cannot be deployed remotely. Instead, the CIA can install it on a target router using its Claymore tool or by side-loading a compromised firmware using supply chain tactics (intercepting the target device between the factory and the end user).

ZDNet reports that the documents reveal that the “Cherry Blossom” hack supports more than two-dozen router models from major manufacturers.

Among the compromised router brands are the devices from Asus, Belkin, Buffalo, Dell, Dlink, Linksys, Motorola, Netgear, Senao and US Robotics. However, Apple’s AirPort devices don’t seem to be among them, but the fact they’re not listed doesn’t mean that the CIA hasn’t hacked Time Capsule and AirPort devices.

  • Of course they’ve been hacking routers for years. As an American tax payer, I’d be offended if my taxes wouldn’t go in part to the largest intelligence agency in the world to hack routers.

    • Joshua The-Legend Wiebe

      Sure, pay an agency to invade everyone’s privacy. That sounds like a good way to invest instead of using the money for health care, education, etc.

      • Adhithya Gokul

        Ever heard of Sarcasm

      • jalexcarter

        No, who’s that?

      • Joshua The-Legend Wiebe

        I have, sarcasm goes great in response to sarcasm.

  • Rodney Coleman

    You all are idiots if you think they haven’t…

    NOTHING IS SAFE!!! government basically invented the internet

    • Alex Wilson

      Everyone knows that AlGore invented the Internet… he even said so. 😉

  • Joshua The-Legend Wiebe

    Where’s Snowden when you need him?

  • Bugs Bunnay

    anyone better than them?

  • nova12

    without reviewing all the source materials, and relying only on this article, are they hacking routers domestically? because I thought he CIA’s jurisdiction was exclusively offshore (with NSA, FBI, etc operation dometstically).

    If so, this seems like a violation of their jurisdictional mandate, based on my understanding.

  • Cerberus The Wise

    Not surprised in the least. Just can’t shake the gut feeling that it’s probably being abused for countless privacy invasions.

  • This is not new or news or newsworthy. Track this CIA.