The CIA has had the tools to take over your router for over a decade, according to government documents leaked by Wikileaks. The software, CherryBlossom, is a custom Linux operating system (OS) that allows the attacker to use the device in a man-in-the-middle (MITM) attack. The attack vector itself reminds us that our unprotected internet traffic is as vulnerable as can be. Wikileaks emphasized that for many models of routers, an attacker might not even need physical access to the device to compromise it:
“The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection.”
CherryBlossom compromised routers have been around for years
The decades old document detailing the CherryBlossom firmware was released by Wikileaks as part of the Vault 7 leaks earlier this year in June. If you’re curious, the 175 page document describing the OS can be found here. Officially, 25 router models are affected; however, experts say that the software could easily be used on 100+ devices with minor tweaks. The affected router brands include other major brands such as Netgear, Motorola, Asus, Intel, Cisco, and more. A full list of targeted devices revealed in the docs can be found here, courtesy of QZ. Interestingly, CherryBlossom was developed with the help of SRI International, the creators of SIRI.
…And there could be others, so use a VPN
As with much of the other Vault 7 leaks, we are only given a snapshot of three letter agency capabilities at that time. It’s not unreasonable to assume that the same or similar exploitation vectors weren’t used to obtain reproducible control of newer hardware. Internet users need to stay vigilant and learn