WikiLeaks, the non-profit organization that publishes secret information, news leaks, and classified media, has recently been unloading a good number of top-secret documents in its ongoing “Vault 7” series. The latest one, which was published Thursday, reveals a new tool that the CIA has allegedly used to hack into people's routers and essentially turn them into spy tools that can track all incoming and outgoing traffic.

A powerful hacking tool

International Business Times wrote how the CIA program, called “CherryBlossom,” was outlined in the recently leaked document, which also detailed just how powerful and potentially dangerous it could be in the wrong hands.

The program itself actually replaces a router’s built-in software and then injects a reprogrammed firmware version built by the CIA called the “FlyTrap.” The document also specifically mentioned that physical access to the router isn’t necessary and that the program can be injected remotely.

Potential applications

After injecting the CIA-modified firmware, users of the program can then track and monitor all of the activities within the target’s local network. All incoming and outgoing Internet traffic can also be intercepted. Additionally, the firmware may also be used to inject different malicious codes into the target’s computers that are connected to the router.

This includes the injection of keylogging software to track keystrokes and collect passwords.

A control software may also be injected, which will allow the user to take over a target computer’s camera and microphone. This basically allows the program’s users to fully take over a target’s computer and remotely execute different commands and intercept any data from it.

An outdated hacking tool

The recently published document on the website also lists over 200 Wi-Fi routers that are susceptible to the “CherryBlossom” software.

A good number of the routers listed are older models, which means that the software may be more than a few years old as well. However, it has to be noted that most of the routers listed are still being used by hundreds of people. The document also implies that the CIA may have been using the program to spy on people for years without anyone knowing it.

More documents are still expected to be leaked in the coming weeks as the “Vault 7” series continues. Prior to the “CherryBlossom” leak, documents regarding the weaponized 0-day exploits were also released. The exploit basically allowed the CIA to hack into different devices, including iPhones, smart TVs, and different Android devices.