Wikileaks yesterday published its latest round of allegedly leaked CIA documents, detailing aspects of the U.S. agency's "Cherry Blossom" firmware modification program, which uses modified versions of router firmware to turn networking devices into surveillance tools.

The document is the latest in WikiLeaks' "Vault 7" series of publications on CIA hacking methods. Previous leaks have detailed the agency's targeting of iOS devices and Macs, while this manual relates specifically to network routers: Once installed, the Cherry Blossom program can be used to monitor internet traffic, crawl for passwords, and redirect the target user to a particular website.



The manual also describes how CIA agents might install the modified firmware. "In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation." While documents have not been made public that detail the "Claymore" tool, the latter tactic refers to the practice of intercepting the target device somewhere between the factory and the end user.

The document lists several network products as susceptible to its hacking protocol, including devices from Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics. Apple's AirPort networking equipment does not appear on the list, however.

The CIA has struggled to penetrate Apple's network router hardware in the past due to a combination of the company's robust encryption and its use of proprietary hardware. Previous Harpy Eagle documents published by Wikileaks show apparently unsuccessful efforts to "gain root access on an Apple Airport Extreme and Time Capsule via local and/or remote means to install a persistent rootkit into the flash storage of the devices".

The Cherry Blossom document dates to 2012, so it's likely CIA methods have moved on in an effort to keep up to date with changing networking hardware. In a response the same day that the iOS device hacking efforts came out, Apple said that many of the vulnerabilities in that leak were already patched. Apple reportedly ceased development of its AirPort networking devices last year.