Thousands exposed to hackers by Wi-Fi routers

Security researchers have discovered a range of vulnerabilities affecting a range of Wi-Fi routers.

Both “high-risk” and “low-risk” issues have been uncovered in more than 20 different Linksys router models, over 7,000 of which were “exposed on the internet” when the research was conducted in the fourth quarter of 2016.

The vulnerabilities could allow cybercriminals to leak information about devices connected to the router, as well as overload the router itself and deny access to a user.

The issues were detected by Tao Sauvage, a senior security consultant at IOActive, and independent researcher Antide Petit.

“A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation, and information disclosure,” said Mr Sauvage.

“Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”

The Mirai botnet used insecure Internet of Things devices, such as cameras, routers, and light bulbs, to launch a massive attack against a top security blogger last September.

IOActive found ten vulnerabilities in Linksys products, which were reported to the company in January.

The affected models are:

EA2700
EA2750
EA3500
EA4500v3
EA6100
EA6200
EA6300
EA6350v2
EA6350v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
WRT1200AC
WRT1900AC
WRT1900ACS
Linksys has issued a security advisory, including a workaround for customers until final firmware updates are released in the coming weeks.

“As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity,” it wrote.

“We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled.”

Linksys also recommends users change the default administrator password for their routers.

Source:http://www.independent.co.uk/life-style/gadgets-and-tech/news/wifi-hackers-risk-linksys-routers-exposed-a7691496.html

Print Friendly

Leave a Reply