CIA spyware has been infecting home routers since 2007

Posted on Friday, June 16 2017 @ 12:23 CEST by Thomas De Maesschalck
The latest Vault7 revelation from WikiLeaks offers evidence that home routers have been the target of CIA hacks since 2007. At least 25 router models from ten manufacturers, including Linksys, D-Link and Belkin, can be transformed into covert listening posts that allow the agency to monitor and manipulate incoming/outgoing traffic and infect connected devices. Many of these routers contain(ed) vulnerabilities that could be exploited to retrieve the admin password or to remotely replace the firmware.
CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on. Routers that are protected by a default or easily-guessed administrative password are, of course, trivial to infect. In all, documents say CherryBlossom runs on 25 router models, although it's likely modifications would allow the implant to run on at least 100 more.
Full details at Ars Technica.


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


