The CIA has had the ability to turn routers and network access points into surveillance devices for years, according to secret documents published by WikiLeaks on Thursday.
In the latest installment of its Vault 7 series of leaks, WikiLeaks has disclosed an alleged CIA program known as CherryBlossom. The purpose of the initiative is to replace a router’s firmware with a CIA-modified version known as FlyTrap. In some cases, WikiLeaks says, physical access to the device may not even be necessary.
The potential applications of this toolkit are harrowing. With control over their router, a remote observer could monitor the target’s local network and internet traffic and inject malicious malware for a variety of purposes—injecting keyloggers to collect passwords or seizing control of a device’s camera and microphone, for example.
Further, CherryBlossom would allow the CIA to detect when a person is using their home network and divert the user’s traffic through predetermined servers.
Most of the router listed in the leak are older models, indicating that the documents themselves may be somewhat outdated, though there are undoubtedly plenty of targets still using the affected devices. One document, which is not dated, lists over 200 WiFi devices allegedly susceptible to the CherryBlossom program..
Once FlyTrap is deployed successfully, agents are able to monitor the target using a web-based platform called CherryWeb, the documents say. The command-and-control server that receives the data collected by FlyTrap is codenamed CherryTree.
The CherryBlossom disclosure is part of an ongoing WikiLeaks series titled Vault 7 which began on March 7 with the leaking of weaponized 0-day exploits used by the CIA in targeting a wide range of US and foreign products, including iPhones, Android devices, and Samsung TVs.
The CIA did not immediately respond to a request for comment.