Leaked Files Show How The CIA Can Hack People's Routers To Spy On Them

The CIA has had the ability to turn routers and network access points into surveillance devices for years, according to secret documents published by WikiLeaks on Friday.

Photo: Getty

In the latest instalment of its Vault 7 series of leaks, WikiLeaks has disclosed an alleged CIA program known as CherryBlossom. The purpose of the initiative is to replace a router's firmware with a CIA-modified version known as FlyTrap. In some cases, WikiLeaks says, physical access to the device may not even be necessary.

The potential applications of this toolkit are harrowing. With control over their router, a remote observer could monitor the target's local network and internet traffic and inject malicious malware for a variety of purposes -- injecting keyloggers to collect passwords or seizing control of a device's camera and microphone, for example.

Further, CherryBlossom would allow the CIA to detect when a person is using their home network and divert the user's traffic through predetermined servers.

Most of the router listed in the leak are older models, indicating that the documents themselves may be somewhat outdated, though there are undoubtedly plenty of targets still using the affected devices. One document, which is not dated, lists over 200 Wi-Fi devices allegedly susceptible to the CherryBlossom program..

Once FlyTrap is deployed successfully, agents are able to monitor the target using a web-based platform called CherryWeb, the documents say. The command-and-control server that receives the data collected by FlyTrap is codenamed CherryTree.

The CherryBlossom disclosure is part of an ongoing WikiLeaks series titled Vault 7 which began on March 7 with the leaking of weaponised 0-day exploits used by the CIA in targeting a wide range of US and foreign products, including iPhones, Android devices and Samsung TVs.

The CIA did not immediately respond to a request for comment.


    And wouldn't the CIA cry like a bitch if someone hacked into their system. Oh no it's terrible when Russia/China hacks them. Bad bad Russia/China for doing exactly the same.

    None of the modems listed in the 200 wi-fi devices are Huawei; could that have anything to do with why the US and AU governments had banned them?

      edthecow, weren't they just not allowed to be used in the NBN Network and some talk about perhaps some devices not being allowed, I can't remember there being anything concrete about Huawei being actually banned in AU?

      Plenty of people have Huawei routers. They were banned from government networks as punishment for China hacking the plans for the new ASIO headquarters. Nice try though.

        I admit to occasionally being a little paranoid but in this case... I was just trying to be funny. In my mind my comment was done in the voice of John Oliver from Last Week Tonight.

    This just in, the CIA finds ways to hack things to spy on people...a spy agency that finds new ways to Spy on people... is this really even news anymore?!

      is this really even news anymore?!Maybe not, but it should be broadcast system wide and loudly too. Just because they can doesn't mean they should be allowed to, at not without a warrant. People have become too blasé about their personal privacy these days.

        Who said anything about any of this being used without a Warrant? It merely pointed out a capability any rational person would probably assume they already have!

        I think people have become too paranoid about their privacy these days personally.

          Yeah after all, these days we all know we have ZERO privacy. :(

          As for the warrant comment he made they've been pushing laws in the US to gather data without a specific warrant for a specific person/location for awhile now. Pretty sure this is going to wind up being part of it (or whatever superseded this).

    LOL as if they have to hack routers ...they just ask Google

Join the discussion!

Trending Stories Right Now