Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

More security vulnerabilities found in Linksys Wi-Fi routers

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

April 20, 2017

Internet security researchers at IO-Active warn that several models of Linksys so-called 'smart' Wi-Fi routers have many security vulnerabilities that could be exploited to create a botnet.

Overall, Wi-Fi home routers are known to have many security issues. The security holes could be abused to overload a PC or tablet and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted settings.

Many of the active devices exposed were using default user credentials making them particularly susceptible to abuse and being hacked.

No less than 10 separate security issues ranging from moderate to critical make more than twenty models of Linksys Wi-Fi routers susceptible to attack. An initial search identified over 7,000 security vulnerable devices exposed on the web at the time of the scan.

This is critical. IO-Active and Linksys have worked together somehow to validate and address the issues found in the last four months.

A security advisory was issued by Linksys last week, including a workaround for customers until final firmware updates are posted in the coming weeks.

The research was put together by IO Active senior security consultant Tao Sauvage and independent researcher Antide Petit.

"A number of the security flaws we discovered are associated with user authentication, data sanitisation, privilege escalation, and overall information disclosure," said Sauvage.

"Additionally, about eleven percent of the active devices exposed were using factory default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in 2016's Mirai DDoS attacks."

Benjamin Samuels, an application security engineer at Belkin's Linksys Division, asserted-- "Working together with IOActive, we've been able to effectively place a plan together to address the security issues identified and proactively communicate various recommendations for keeping customer devices and their data secure.

"On any given day, security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings," he added.

In its security advisory, Linksys recommends that users temporarily disable the 'Guest Network' feature pending the availability of a more comprehensive workaround.

"Linksys was recently notified of some security vulnerabilities in the Linksys Smart Wi-Fi series of routers. As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity," the company asserted.

Source: Linksys.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer