Lynksys Routers Feature Massive Security Flaw
Ashley Allen / 1 week ago
Security researchers have found that a number of Linksys Smart Wi-Fi routers contain vulnerabilities that could be exploited to form part of a botnet. Cybersecurity consultancy IOActive discovered that these flaws – ten separate issues across twenty models – could allow hackers to take over the device and change its credentials, deny user access, or leak information. During an initial scan, IO Active found there to be more than 7,000 vulnerable routers online at the time.
“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” Tao Sauvage, senior security consultant at IOActive, said (via The Register). “Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”
The following Linksys routers have been found to contain these known vulnerabilities:
While a fix is coming soon, in the meantime Linksys recommends disabling guest networks.
“Working together with IOActive, we’ve been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said. “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings.”
“Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers,” Samuels added. “As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.”