Thousands exposed to hackers by Wi-Fi routers
Over 20 different models are affected by vulnerabilities
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Security researchers have discovered a range of vulnerabilities affecting a range of Wi-Fi routers.
Both “high-risk” and “low-risk” issues have been uncovered in more than 20 different Linksys router models, over 7,000 of which were “exposed on the internet” when the research was conducted in the fourth quarter of 2016.
The vulnerabilities could allow cybercriminals to leak information about devices connected to the router, as well as overload the router itself and deny access to a user.
The issues were detected by Tao Sauvage, a senior security consultant at IOActive, and independent researcher Antide Petit.
“A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation, and information disclosure,” said Mr Sauvage.
“Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”
The Mirai botnet used insecure Internet of Things devices, such as cameras, routers, and light bulbs, to launch a massive attack against a top security blogger last September.
IOActive found ten vulnerabilities in Linksys products, which were reported to the company in January.
The affected models are:
- EA2700
- EA2750
- EA3500
- EA4500v3
- EA6100
- EA6200
- EA6300
- EA6350v2
- EA6350v3
- EA6400
- EA6500
- EA6700
- EA6900
- EA7300
- EA7400
- EA7500
- EA8300
- EA8500
- EA9200
- EA9400
- EA9500
- WRT1200AC
- WRT1900AC
- WRT1900ACS
Linksys has issued a security advisory, including a workaround for customers until final firmware updates are released in the coming weeks.
"As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity," it wrote.
"We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled."
Linksys also recommends users change the default administrator password for their routers.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments