The CIA has apparently been hacking WiFi routers for years to secretly spy on our internet activity, according to recently published documents from WikiLeaks, but Apple’s AirPort Basestations aren’t on the list. Plenty of other popular basestations are, however, which means the public, home, and business WiFi networks you use could’ve been surveillance targets.
The tools the CIA used to monitor activity passing through WiFi routers is called Cherry Blossom. Assuming the documents WikiLeaks published are legit, the CIA has been able to monitor all the data passing through a compromised router for several years, redirect users to CIA controlled websites, monitor email activity, and more.
WiFi routers on the CIA’s Cherry Blossom hackable list include models from 3Com, Aironet/Cisco, Asustek, Belkin, Buffalo, D-Link, Linksys, Netgear, US Robotics, and more. Missing from that list is Apple’s AirPort Basestation lineup.
Apparently once a device makes it onto the Cherry Blossom list it’s easy for the CIA to maintain its hacked state even after firmware updates. That sounds pretty bleak, but it doesn’t necessarily mean every bit of data passing through your home WiFi router is being watched by the CIA.
The CIA’s WiFi Router Hack Fest
The CIA needs to identify the routers it wants to target and then hack into them. That means unless the agency has a reason to want to monitor a specific person’s online activity odds are susceptible basestations used in home settings haven’t been compromised. Public locations, however, like coffee shop networks, are a perfect CIA target because so many people use them.
Based on a leaked Cherry Blossom device spreadsheet, the CIA was targeting WiFi routers that supported the 802.11a/b/g standards. Since their efforts predate 802.11n and 802.11ac, it’s possible more modern routers aren’t susceptible to the exploit. Newer models aren’t likely off the hook because it’s a safe bet the CIA has a newer set of tools to target those.
Regardless, it seems Apple’s WiFi router lineup hasn’t been—or at least wasn’t—the target of CIA snooping.
WiFi Routers, Privacy, and the CIA
Apple’s absence from the CIA WiFi router list implies the company built a product that wasn’t susceptible to Cherry Blossom. If that’s the case, it means Apple’s push for strong security in its products paid off, making it unfortunate the company stopped making WiFi products. Alternately, the AirPort lineup may be targeted in a different surveillance campaign that hasn’t been leaked yet.
In the end, there are two big takeaways from this set of WikiLeaks documents: WiFi router makers need to take device security more seriously, and if government agencies have found ways to compromise our wireless networks then hackers most likely have, too.
Hopefully WiFi router makers will take this leak as a wakeup call and work harder to improve security in their products. And if you’re hoping this will convince Apple to bring back its AirPort Basestations, get ready for disappointment. Apple’s out of that game and isn’t going back.