The trove of documents released by the anti-privacy publication on Thursday details the CIA's CherryBlossom project, in which the intelligence agency has compromised Wi-Fi routers in private homes, public spaces, businesses and enterprise environments in order to gather information about specific targets. Passwords present little obstacle in many cases and the fact that remote infection is possible makes the implant very simple to install.
The CIA, as is to be expected, has neither confirmed nor denied the existence of the CherryBlossom programme or the legitimacy of the leaked documents. Many router models are vulnerable to relatively easy exploits, which makes them an attractive target for spying agencies. Although the document says that the hack was operational for 25 different models of routers from major manufacturers, it is likely that the real number was much higher. The project particularly focused on wireless devices like routers and access points to gain access to user systems. The goal of the initiative is to replace a router's firmware with a CIA-modified version known as FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree.
A FlyTrap can send data containing device status and security information to the CherryTree, where it is logged into the C&C's database.
Operators have a web browser interface called "CherryWeb" to check on the compromised "FlyTrap" devices and receive missions such as deploying exploits on targets connected to the routers.
Check out the full CherryBlossom documentation over on the WikiLeaks website.
If the Central Intelligence Agency installs the modified firmware, an agent monitoring the traffic through that router will be able to pick up information such as a person's passwords. The list of routers includes various brands like Apple, Cisco, Belkin, Asus, D-Link, Linksys, etc.