According to WiKiLeaks, the CIA developed and implemented CherryBlossom with the help of the Stanford Research Institute (SRI International).
The article states that, “CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.”
The routers and Wi-Fi devices that are impacted include those manufactured by 3Com, Cisco, Belkin, D-Link, Linksys and other popular brands.
A full list can be found here.https://wikileaks.org/vault7/document/WiFi_Devices/
Not only is this new threat an invasion of privacy and unconstitutional, it now poses an increased risk of CherryBlossom falling into the wrong hands and being used by hackers worldwide.