Linksys routers plagued by security vulnerabilities, research finds

Linksys routers plagued by security vulnerabilities, research finds

In a major boost to cyber-security practices and making Wi-Fi routers invulnerable to hacking attempts, security firm IOActive today revealed that they have successfully identified as many as ten low to high-risk vulnerabilities in Linksys Wi-Fi routers, some of which are in active circulation in the UK as we speak.

In a major boost to cyber-security practices and to making Wi-Fi routers impervious to hacking attempts, security firm IOActive today revealed that they have successfully identified as many as ten low to high-risk vulnerabilities in Linksys Wi-Fi routers, some of which are in active circulation in the UK right now.

Linksys and IOActive are now working together to build a new firmware which will plug the vulnerabilities and protect more than 20 models of Linksys Smart Wi-Fi Routers from cyber-attacks.

Alarmingly, IOActive found that as many as twenty models of such Wi-Fi routers were susceptible to risks like access denial, leaking of sensitive information, and manipulation of settings via unauthorised access. Such risks could seriously endanger confidential data of their owners and could also impact their access to Wi-Fi services as a result.

“A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation, and information disclosure. Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks,” said Tao Sauvage, senior security consultant at IOActive.

“Two of the security issues we identified allow unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router. By sending a few requests or abusing a specific API, the router becomes unresponsive and even reboots. The Admin is then unable to access the web admin interface and users are unable to connect until the attacker stops the DoS attack,” he added.

Owned by Belkin, Linksys home Wi-Fi routers are very popular outside of Asia and the researchers found that at the time of testing, over 7,000 such routers were actively being used by customers. 69% of such devices were in use in the United States and 10% in Canada. The number of devices being used in the UK counted for just 1% of the total number of routers. As many as 11% of all devices were still using default login credentials, making them more susceptible to hacks compared to those protected by firewalls or new credentials.

Even though Linksys hasn’t released a firmware yet to fix the said vulnerabilities, the company has issued an advisory to its customers, offering temporary solutions which will keep the active routers secure from hacking attempts in the meantime.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]