Is your home router vulnerable to Cherry Blossom attacks?

Apparently, some governments are more than eager to invest a portion of their huge budgets into hacking tools. One of these toolsets, named Cherry Blossom, has recently made quite a few waves. Why? For starters, it uses a new infection method: it alters the router's firmware, injecting modified code into it. This means that most security applications (antiviruses, software-based firewalls, etc.) won't be effective against it; they won't be able to detect any problem, because the attack takes place at a lower level, in the router's own firmware, where software running on your computer cannot see it.

It's a huge issue, because the router's built-in firewall is the only effective means of protection most home users have. So, once the router is compromised, everything that you do online may also be compromised.

But how can someone modify your router's firmware without getting access to it? We're approaching conspiracy-movie territory here, but let's imagine that a truck full of routers is intercepted as it leaves the factory. Or maybe the routers are secretly modified at night, while they are waiting to be shipped from a warehouse!

These scenarios are all possible, even if not very probable, and the actual hacking method could in fact be much simpler. Since most modern routers can be updated over the wireless network as well, an attacker can brute-force a weak Wi-Fi password, join your network, and then install the modified firmware onto your router using a modified version of the app provided by the router manufacturer. The attacker would only need to change the in-app URL of the firmware update package, and a skilled programmer won't need more than five minutes for that task.
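The update-URL swap described above is exactly what a firmware updater can refuse to honour. The following is an added example, not code from the post or from any router manufacturer: before flashing, it checks that the image came from an allow-listed vendor host over HTTPS and that its SHA-256 matches a digest the vendor published out of band. The host name, model name, firmware bytes and digest table are all constructed for the example.

```python
"""Defensive firmware-update verification (added example, constructed values).

Two checks a legitimate updater should make before flashing an image:
  1. the download URL points at an allow-listed vendor host over HTTPS, so a
     swapped in-app URL is rejected rather than silently followed;
  2. the image's SHA-256 matches the digest the vendor published elsewhere,
     so a modified image is rejected even if it arrives from the right host.
"""

import hashlib
import hmac
from urllib.parse import urlparse

# Hypothetical vendor host the updater is allowed to download from.
ALLOWED_UPDATE_HOSTS = {"firmware.example-router-vendor.com"}

# Constructed firmware images: the genuine one and a copy with bytes appended,
# standing in for the "modified firmware" the post describes.
GENUINE_IMAGE = b"RTR-1000 firmware v2.1.0 (constructed sample image)"
TAMPERED_IMAGE = GENUINE_IMAGE + b"\x00injected-payload"

# Digest table a vendor would publish out of band (release notes, support page).
# Here it is derived from the constructed genuine image so the block runs offline.
PUBLISHED_SHA256 = {"rtr-1000": hashlib.sha256(GENUINE_IMAGE).hexdigest()}


def update_url_is_trusted(url: str) -> bool:
    """Accept only HTTPS URLs whose host is on the vendor allow-list."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_UPDATE_HOSTS


def image_matches_published_digest(model: str, image: bytes) -> bool:
    """Compare the image's SHA-256 with the published digest for this model."""
    expected = PUBLISHED_SHA256.get(model)
    if expected is None:
        return False  # unknown model: nothing to compare against, so refuse
    actual = hashlib.sha256(image).hexdigest()
    # Constant-time comparison; cheap insurance even for a non-secret digest.
    return hmac.compare_digest(actual, expected)


def verify_firmware_update(model: str, url: str, image: bytes) -> tuple:
    """Return (ok, reason); flashing should proceed only when ok is True."""
    if not update_url_is_trusted(url):
        return False, "update URL is not an allow-listed vendor host over HTTPS"
    if not image_matches_published_digest(model, image):
        return False, "image digest does not match the published digest"
    return True, "image verified"


if __name__ == "__main__":
    vendor_url = "https://firmware.example-router-vendor.com/rtr-1000/v2.1.0.bin"
    swapped_url = "https://updates.swapped-host.example/rtr-1000/v2.1.0.bin"  # placeholder
    for case in (("rtr-1000", vendor_url, GENUINE_IMAGE),
                 ("rtr-1000", swapped_url, GENUINE_IMAGE),
                 ("rtr-1000", vendor_url, TAMPERED_IMAGE)):
        print(case[1], "->", verify_firmware_update(*case))
```

The digest check only helps if the published digest is obtained through a channel the router does not sit in the middle of (for instance, read from the vendor's page on a different network and compared by hand); fetching it through the same possibly compromised router defeats the purpose. A vendor signature over the image, where the manufacturer provides one, is the stronger form of the same idea.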

Once the modified firmware has been deployed, man-in-the-middle attacks become possible. This means that the attackers can intercept and even manipulate your Internet traffic as they like. They could replace all the images that load on a specific website with other images in real time, for example. Or they could replace the people's names in a specific article with other names.

If your router is infected, all your login user names and passwords will be exposed as well. This means that all your accounts can be accessed by interested third parties. And the bad news doesn't stop here! If you want to visit a particular site, you may be redirected to a different one that is under the attacker's control. And since data injection is now possible, the attacker could use that site to deliver, install, and then run malware on your computers.
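Two of the consequences just described, unexpected DNS servers and redirection to a site the attacker controls, leave traces a client can check for. The following is an added example, not code from the post: it extracts the name servers from a dhclient-style lease and flags any that are not on your expected list, and it inspects an HTTP redirect for a target that leaves the requested site or downgrades HTTPS to HTTP. The lease excerpt, the expected-resolver set and the redirect response are constructed; the look-alike host name is a placeholder.

```python
"""Client-side indicators of router-level traffic manipulation
(added example, constructed inputs)."""

import re
from urllib.parse import urlparse

# Resolvers you expect your router to hand out; constructed for the example
# (192.0.2.x is a documentation range standing in for an ISP resolver).
EXPECTED_RESOLVERS = {"192.0.2.53", "9.9.9.9"}

# Constructed excerpt in the style of a dhclient lease file. The second
# name server is a placeholder for a resolver you never configured.
SAMPLE_LEASE = """lease {
  interface "wlan0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 9.9.9.9,198.51.100.66;
}
"""

# Constructed HTTP redirect to a look-alike host that merely starts with the
# real site's name; note the scheme is also downgraded to plain HTTP.
SAMPLE_REDIRECT = ("HTTP/1.1 302 Found\r\n"
                   "Location: http://www.example-bank.com.lookalike.example/login\r\n"
                   "Content-Length: 0\r\n\r\n")


def resolvers_from_lease(lease_text: str) -> set:
    """Collect every name server listed in 'option domain-name-servers' lines."""
    found = set()
    for match in re.finditer(r"option domain-name-servers ([^;]+);", lease_text):
        found.update(addr.strip() for addr in match.group(1).split(","))
    return found


def unexpected_resolvers(lease_text: str) -> set:
    """Name servers the router handed out that are not on the expected list."""
    return resolvers_from_lease(lease_text) - EXPECTED_RESOLVERS


def location_header(raw_response: str):
    """Return the Location header of a raw HTTP response, or None if absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")     # split on the first colon only
        if name.strip().lower() == "location":
            return value.strip()
    return None


def redirect_is_suspicious(requested_url: str, raw_response: str) -> bool:
    """Flag a redirect that leaves the requested site or downgrades HTTPS to HTTP.

    A target counts as the same site only if its host equals the requested
    host or is a subdomain of it; 'example-bank.com.lookalike.example' is
    neither, even though it contains the real name.
    """
    location = location_header(raw_response)
    if location is None:
        return False
    requested = urlparse(requested_url)
    target = urlparse(location)
    if target.hostname is None:
        return False  # relative Location stays on the same origin
    same_site = (target.hostname == requested.hostname
                 or target.hostname.endswith("." + requested.hostname))
    downgraded = requested.scheme == "https" and target.scheme == "http"
    return (not same_site) or downgraded


if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_LEASE))
    print("redirect suspicious:",
          redirect_is_suspicious("https://www.example-bank.com/", SAMPLE_REDIRECT))
```

Neither check proves the router is compromised (ISPs change resolvers, and sites legitimately redirect to partner domains), but both are the kind of deviation from "what I configured" that is worth noticing, and both are invisible to a host-based antivirus for the reason the post gives.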

Here's a comprehensive list of the affected routers, which was published by QZ. Don't panic if you see your router manufacturer's name on that list, though; not all models are affected, and you have hopefully applied the newest router patch. Not only that, but I assume that you aren't doing anything nefarious online or offline, so I guess that you aren't a target.