Leaked Files Show How the CIA Can Hack Your Router to Spy on You

Photo: Getty

The CIA has had the ability to turn routers and network access points into surveillance devices for years, according to secret documents published by WikiLeaks on Thursday.


In the latest installment of its Vault 7 series of leaks, WikiLeaks has disclosed an alleged CIA program known as CherryBlossom. The purpose of the initiative is to replace a router’s firmware with a CIA-modified version known as FlyTrap. In some cases, WikiLeaks says, physical access to the device may not even be necessary.

The potential applications of this toolkit are harrowing. With control over a target’s router, a remote observer could monitor the target’s local network and internet traffic and inject malware for a variety of purposes, such as installing keyloggers to collect passwords or seizing control of a device’s camera and microphone.

Further, CherryBlossom would allow the CIA to detect when a person is using their home network and divert the user’s traffic through predetermined servers.


Most of the routers listed in the leak are older models, indicating that the documents themselves may be somewhat outdated, though there are undoubtedly plenty of targets still using the affected devices. One document, which is not dated, lists over 200 WiFi devices allegedly susceptible to the CherryBlossom program.

Once FlyTrap is deployed successfully, agents are able to monitor the target using a web-based platform called CherryWeb, the documents say. The command-and-control server that receives the data collected by FlyTrap is codenamed CherryTree.


The CherryBlossom disclosure is part of an ongoing WikiLeaks series titled Vault 7, which began on March 7 with the leaking of weaponized 0-day exploits used by the CIA in targeting a wide range of US and foreign products, including iPhones, Android devices, and Samsung TVs.

The CIA did not immediately respond to a request for comment.


Senior Reporter, Privacy & Security



So if I’m reading this correctly, the “flytrap” is hardware based, right? Someone would need physical access to the router for any of this to work. This would require an agency to invest actual resources to spy on you specifically. I also presume they would require a warrant to plant the device. I’m not too worried about that.

Nor is it a big concern that hackers might use it for identity theft. If they have physical access to your network, there are dozens of different ways to monitor, inject, redirect, etc. If you are already physically securing your hardware, which is rule #1 in cybersecurity, this isn’t a new threat, just a new flavor of an old threat.