The CIA has apparently been hacking WiFi routers for years to secretly spy on our internet activity, according to recently published documents from WikiLeaks, but Apple’s AirPort Basestations aren’t on the list. Plenty of other popular basestations are, however, which means the public, home, and business WiFi networks you use could’ve been surveillance targets.
The tools the CIA used to monitor activity passing through WiFi routers is called Cherry Blossom. Assuming the documents WikiLeaks published are legit, the CIA has been able to monitor all the data passing through a compromised router for several years, redirect users to CIA controlled websites, monitor email activity, and more.
WiFi routers on the CIA’s Cherry Blossom hackable list include models from 3Com, Aironet/Cisco, Asustek, Belkin, Buffalo, D-Link, Linksys, Netgear, US Robotics, and more. Missing from that list is Apple’s AirPort Basestation lineup.
Apparently once a device makes it onto the Cherry Blossom list it’s easy for the CIA to maintain its hacked state even after firmware updates. That sounds pretty bleak, but it doesn’t necessarily mean every bit of data passing through your home WiFi router is being watched by the CIA.
The CIA’s WiFi Router Hack Fest
The CIA needs to identify the routers it wants to target and then hack into them. That means unless the agency has a reason to want to monitor a specific person’s online activity odds are susceptible basestations used in home settings haven’t been compromised. Public locations, however, like coffee shop networks, are a perfect CIA target because so many people use them.
Based on a leaked Cherry Blossom device spreadsheet, the CIA was targeting WiFi routers that supported the 802.11a/b/g standards. Since their efforts predate 802.11n and 802.11ac, it’s possible more modern routers aren’t susceptible to the exploit. Newer models aren’t likely off the hook because it’s a safe bet the CIA has a newer set of tools to target those.
Regardless, it seems Apple’s WiFi router lineup hasn’t been—or at least wasn’t—the target of CIA snooping.
WiFi Routers, Privacy, and the CIA
Apple’s absence from the CIA WiFi router list implies the company built a product that wasn’t susceptible to Cherry Blossom. If that’s the case, it means Apple’s push for strong security in its products paid off, making it unfortunate the company stopped making WiFi products. Alternately, the AirPort lineup may be targeted in a different surveillance campaign that hasn’t been leaked yet.
In the end, there are two big takeaways from this set of WikiLeaks documents: WiFi router makers need to take device security more seriously, and if government agencies have found ways to compromise our wireless networks then hackers most likely have, too.
Hopefully WiFi router makers will take this leak as a wakeup call and work harder to improve security in their products. And if you’re hoping this will convince Apple to bring back its AirPort Basestations, get ready for disappointment. Apple’s out of that game and isn’t going back.
@John:
I agree with you, and started to close my comment with an appeal to Apple to get back into the router game.
Beyond being an important security distinction for Apple’s router, it’s an indicator that, however secure Apple’s platform, their work and their customers’ security is compromised by third party routers.
I continue to use mine, and will continue to use it until it either dies or can no longer keep up with the technology.
In the meantime I’m clutching onto my Apple AC router like I am to my cheese grater Mac Pro
If enough people demand it, and stop apologizing for Apple, Apple might do the right thing and continue to make these routers. We’ve seen it before. I’m really tired of people making bad excuses for why Apple doesn’t need to make a router. No other router can do “back to my Mac” routing. Apples Wall garden and decently frequent firmware updates also help. And people are totally lacking imagination, but Apple can’t do more with the time capsule and make it more like a synology cloud server. I wish more people would have the guts to complain, rather than just shrugged their shoulders and say that’s our lot.
The reason that we’re getting a new Mac Pro, is there was enough loud voices yelling down the apologists for the trashcan mac. It’s also why were getting apple displays back. Don’t just take it, make some noise
So, Jeff:
There are three reasons why the Apple Airport never made it onto the list.
1) The old saw that the market share of the Apple family of computers is simply too small to make it an attractive target. This, despite the wide distribution of Macs amongst thought leaders and heads of major concerns – just look at what people are using in business and first class lounges these days.
2) Apple clients, and Mac users specifically, are simply too law abiding, well-behaved and boring to bother trying to hack into their routers – nothing to see here, people.
3) The security of these devices was truly industry leading, and superior to most of what was contemporaneously commercially available.
Hopefully, today’s manufacturers will take note to up their security protocols, but I shouldn’t count on it.