Your Wi-Fi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers. Including, according to a new WikiLeaks release, the CIA.
On Thursday, WikiLeaks published a detailed a set of descriptions and documentation for the CIA’s router-hacking toolkit. It’s the latest drip in the months-long trickle of secret CIA files it’s called Vault7, and it hints at how the agency leverages vulnerabilities in common routers sold by companies including D-Link and Linksys. The techniques range from hacking network passwords to rewriting device firmware to remotely monitor the traffic that flows across a target’s network. After reading up on them, you may find yourself itching to update your own long-neglected access point.
Routers make an appealing entry point for hackers, the CIA included, in part because most of them offer no easily accessible interface or performance giveaways when they’ve been compromised. “There’s no sign to tell you whether your router is hacked or not—you’re just on the internet as normal,” says Matthew Hickey, a security researcher and founder of the firm Hacker House, who’s analyzed the documents. “The only thing is that everything you’re doing on the internet is going through the CIA.”