Wikileaks has freshly published its newly hacked documents from the CIA. Filed under the “Vault 7” series by Wikileaks, this leak talks about CIA’s methods of hacking into network routers from leading companies like Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics. Surprisingly, Apple’s own AirPort Extreme router is missing from this list.
This is mainly because of the hardened encryption that Apple uses with its products, coupled by its unique hardware arrangement that’s tough to crack. The documents detail CIA’s “Cherry Blossom” program, which pertains to firmware modifications made to networking equipment so as to aid the agency’s surveillance efforts.
Cherry Blossom is capable of checking a user’s internet traffic, redirecting them to a particular website, or even look for passwords. The document also talks about how the firmware penetrates the hardware:
“In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation.”
The supply chain method basically talks about injecting the firmware sometime after the product leaves the manufacturing unit and before it reaches the customers. Not a lot was discussed about the Claymore tool, however.
Back in March, Wikileaks documents revealed some exploits that were found on iOS devices. However, Apple was quick to mention that these were old and had been patched already. Another report spoke about how Apple and a bunch of other companies might be at a loss to discover fixes for the exploits found by the CIA.
Apple will breathe a sigh of relief to know that its devices weren’t mentioned in this fresh leak. Other companies, however, have to ensure their customers that they aren’t being snooped on.