
Linksys security guy here - we got that firmware update tidbit from the cherryblossom documentation.

The firmware implant (aka flytrap) reproduces all of the router's normal functionality. On page 122 of the cherryblossom docs, it says that the firmware upgrade feature is implemented normally by the flytrap, and that if a user attempts to upgrade their router's firmware, it will overwrite the flytrap firmware.



On the basis that most Linksys owners never touch or upgrade their firmware, why aren't Linksys (and other manufacturers') products shipped with a physical hardware 'read-only' switch for the firmware to prevent unauthorised remote upgrades?


That makes entirely too much sense. They already have the hardware in the form of the WPS button which no one uses.


Hey man, professional courtesy here: "if linksys users believe their routers are compromised" is possibly the worst way to frame this. You should flatly advise users to update.


There's no patch. The fix is just to reflash Linksys firmware to make sure you're not running compromised firmware.


Given that there is a chance for things to go wrong, I wonder what's the real-world success rate of firmware upgrades performed by nontechnical users? Is it worth it when most devices very likely aren't infected?


Perhaps I'm missing something, but are you saying you trusted that the malware documentation is correct?


Didn't really have any other choice. We had tons of users calling in last week panicking over what to do about cherryblossom.

Without a sample of the implant or confirmation from the CIA that the documents are legitimate & unaltered, this advisory is pretty much all we can do for those users.


Didn't you have an infected target to test against?


Understood. Thank you. It makes sense that you would move on this urgently and confirm its success only after.


Yeah this is a bit worrying. But since it was leaked, this actually doesn't seem so bad. What incentive would the CIA have to lie internally?


One good reason I can think of is to have something for leakers to leak that isn't based in reality.

Or: the CIA leaked it intentionally as a smokescreen.

I don't know. Are there organisational silos within intelligence agencies? Layers of access? It's hard to know for sure, but I'm yet to see a human organisation that doesn't have political in-fighting.
