WikiLeaks has disclosed an alleged CIA program known as “ Cherry Blossom ” that was used by the agency to spy on individuals and personalities by turning the network access points and Internet routers as surveillance devices.
In the latest Vault 7 series of leaks, Wikileaks has exposed the program, which the purpose is to replace a router’s firmware with a CIA modified version known as FlyTrap. This doesn’t even require a physical access to the device in most cases. With the control over the router, CIA could monitor the target’s local network and internet traffic. It could inject malicious software for various reasons – including keyloggers to collect passwords or seizing control of a device's camera and microphone.
Once the agents are installed on the devices, the agency can monitor the target using a web-based platform called Cherryweb. The C&C server that compiles the data collected by FlyTrap is codenamed CherryTree.
The Cherry Blossom disclosure is part of an ongoing exposure of NIA driven spying activities that began on March 7 with the leaking of weaponized 0-day exploits. It's used by the CIA in targeting a wide range of US and foreign products, including iPhones, Android devices, and Samsung TVs.
Most of the router listed in the leak are older models, indicating that the documents are somewhat outaged, but there are plenty of organizations still using the old models. In one of the list 200 WiFi devices allegedly susceptible to the Cherry Blossom program
The program also allow the CIA to detect when a person is using their home network and divert the user's traffic through predetermined servers.