Choosing a strong password for your Wi-Fi router wouldn’t have been enough to defend it from a reported Central Intelligence Agency hacking tool that WikiLeaks revealed this week.
The hacking software, known as CherryBlossom, is designed to allow CIA agents to replace the firmware of a wireless router with custom code that allows them to monitor its internet traffic remotely, according to a user manual WikiLeaks posted.
The manual was published in 2006 and last updated in 2012. It and related technical documents are part of WikiLeaks’ Vault7 trove of stolen intelligence, which the organization announced in March. According to WikiLeaks, the trove was circulated among US government contractors, one of whom provided it to the organization. The CIA has refused to comment on the trove.
Using CherryBlossom, the CIA would have been able to bypass a router’s security and access its firmware upgrade page using a variety of methods. Some require the router’s administrator username and password, while others, including a “Claymore tool,” have the built-in capability to guess the login credentials and wirelessly replace the firmware using a nearby laptop.
CherryBlossom’s software was able to compromise dozens of router models from D-Link, Linksys, US Robotics, and other manufacturers, according to the leaked documents. Some are consumer models, while others are designed for commercial installations like coffee shops and airports. Once a router is compromised, its communications to and from the CIA’s control server are encrypted and disguised to prevent detection.
The manual explains that once the CIA gained access to a router, agents could view network traffic and redirect requests made from web browsers for additional spying, among other capabilities.
Representatives from several router manufacturers did not immediately respond to requests for comment on Friday, nor did the Stanford Research Institute, which reportedly assisted the CIA in developing CherryBlossom, according to WikiLeaks.
Router manufacturers regularly issue security updates, so we could see CherryBlossom-specific fixes show up soon. In the meantime, if your router is on the list of affected devices, the best protection is to reset its firmware to its factory settings.