More security vulnerabilities found in Linksys Wi-Fi routers
April 20, 2017
Security researchers at IOActive warn that several models of Linksys so-called 'smart' Wi-Fi routers have many security vulnerabilities that could be exploited to create a botnet.
Overall, Wi-Fi home routers are known to have many security issues. The security holes could be abused to overload a PC or tablet and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted settings.
Many of the active devices exposed were using default user credentials, making them particularly susceptible to abuse and compromise.
No fewer than 10 separate security issues, ranging from moderate to critical, make more than twenty models of Linksys Wi-Fi routers susceptible to attack. An initial search identified over 7,000 vulnerable devices exposed on the web at the time of the scan.
This is critical. IOActive and Linksys have worked together to validate and address the issues found in the last four months.
A security advisory was issued by Linksys last week, including a workaround for customers until final firmware updates are posted in the coming weeks.
The research was put together by IOActive senior security consultant Tao Sauvage and independent researcher Antide Petit.
"A number of the security flaws we discovered are associated with user authentication, data sanitisation, privilege escalation, and overall information disclosure," said Sauvage.
"Additionally, about eleven percent of the active devices exposed were using factory default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in 2016's Mirai DDoS attacks."
Benjamin Samuels, an application security engineer at Belkin's Linksys Division, asserted: "Working together with IOActive, we've been able to effectively place a plan together to address the security issues identified and proactively communicate various recommendations for keeping customer devices and their data secure.
"On any given day, security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings," he added.
In its security advisory, Linksys recommends that users temporarily disable the 'Guest Network' feature pending the availability of a more comprehensive workaround.
"Linksys was recently notified of some security vulnerabilities in the Linksys Smart Wi-Fi series of routers. As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity," the company asserted.