Did the CIA Hack Your Router?
Choosing a strong password for your Wi-Fi router wouldn't have been enough to defend it from a reported Central Intelligence Agency hacking tool that WikiLeaks revealed this week.
The hacking software, known as CherryBlossom, is designed to allow CIA agents to replace the firmware of a wireless router with custom code that allows them to monitor its internet traffic remotely, according to a user manual WikiLeaks posted.
The manual was published in 2006 and last updated in 2012. It and related technical documents are part of WikiLeaks' Vault7 trove of stolen intelligence, which the organization announced in March. The CIA has refused to comment on the trove, which was circulated among US government contractors, according to WikiLeaks, one of whom provided it to the organization.
Using CherryBlossom, the CIA would have been able to bypass a router's security and access its firmware upgrade page using a variety of methods. Some require the router's administrator username and password, while others, including a "Claymore tool," have the built-in capability to guess the login credentials and wirelessly replace the firmware using a nearby laptop.
