If your home wifi router is on this list, it might be vulnerable to CIA hacking tools

A partial list of routers targeted by CherryBlossom

For the past four months, WikiLeaks has been slowly publishing a series of documents that describe a plethora of hacking tools, which the anti-secrecy organization says belong to the US Central Intelligence Agency. The latest release, published June 15, is a batch of documents describing tools that can be used to hack home wifi routers.

The collection of tools, which the documents refer to as “CherryBlossom,” can be used to monitor internet activity on networks that use the routers it infects. CherryBlossom infects routers by identifying their make and model and injecting malicious firmware into them. This kind of hack, when successful, is nearly impossible to detect because it infects the hardware itself and is not something anti-virus software is capable of checking.

The documents include several lists of routers and access points, some of which are more than five years old. The first list of devices, titled simply “WiFi Devices,” is described in the CherryBlossom user manual :

CB [CherryBlossom] maintains an information database of wireless network devices in the “WiFi Devices.xls” document. This database contains information about hundreds of network devices, including manufacturer, make, model, version, reference design, FCC ID, network processor, wireless chipset, operating system, default username/password, etc. It also contains firmware analysis information about exact make, model, hardware versions, and firmware versions supported by CB.

In the version of the document WikiLeaks released, some of the information listed in that description is missing, including the firmware versions that CherryBlossom supports. So while it’s clear that the CherryBlossom project targeted the following list of routers, it is not clear which have been successfully compromised.

It is, however, never a bad idea to update your home router’s firmware, as these devices stand on the front line of your digital security. And if your device is on the list below, perhaps now is a good time to flash your firmware. To do so, simply search the internet for your router’s make and model with the keyword “firmware,” and follow your vendor’s instructions.

Routers and access points targeted by CherryBlossom

Again, while it’s clear that the CherryBlossom project targeted the following list of routers, it is not clear which have been successfully compromised:

Flytrap routers

Within the CherryBlossom release, there are also documents that appear to target seven specific routers for use with “Flytrap.” Flytrap is a tool CherryBlossom uses to “beacon over the Internet to a Command & Control server referred to as the CherryTree,” according to WikiLeaks.

The CherryBlossom documents included firmware flashing instructions labeled “Flytrap” for each of these router models:

Flytrap inventories

There are also two separate lists of devices in the CherryBlossom documents, named “Flytrap — Inventory (1)” and “Flytrap — Inventory (2).” These inventories appear to be lists of equipment used by a particular department within the CherryBlossom project, and many of the devices they list are very old, dating back to 2004. The devices include routers and access points, but also old computers and printers. While we are listing the devices from those inventories below, it is not immediately clear whether they were targeted or compromised by CherryBlossom. We will update this post as more information becomes available.

Again, the devices listed below may have been used to test Flytrap or other CherryBlossom tools, but that is not immediately clear. We will update this post as more information becomes available:

Up Next

Apple is reportedly working with Volkswagen on building self-driving vans

Quiz: Is this a Kanye West tweet, or an Elon Musk tweet?

This startup’s racial-profiling algorithm shows AI can be dangerous way before any robot apocalypse

Home Our Picks Popular Obsessions