The flaw that may have been leaking data since 2014 reportedly exposes routers that haven't had their default passwords changed, and it can even help lead hackers to physically locate devices and users in the real world.
Researcher Troy Mursch claims that in excess of 25,000 Linksys Smart Wi-Fi routers currently in use have a flaw that means significant data is accessible by hackers. Writing in Bad Packets Report, a "cyber threat intelligence" company, he says sensitive information is being leaked, although the manufacturer now denies this.
Linksys was bought by Belkin in 2013, and Belkin was in turn bought by Foxconn in 2018. Linksys says that its staff haven't been able to reproduce Mursch's findings.
"We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce [it]," said Linksys in an online security advisory, "meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique."
Linksys further says that this is because the flaw was fixed in 2014. However, Mursch disagrees.
"While [this flaw] was supposedly patched for this issue, our findings have indicated otherwise," says Bad Packets. "Upon contacting the Linksys security team, we were advised to report the vulnerability... After submitting our findings, the reviewing analyst determined the issue was 'not applicable/won't fix' and subsequently closed."
If your router is one of those leaking information in this way, then the details that may be available to hackers include the MAC address of every device connected now — or ever.
It can also include device names like "William's iPhone" plus whether the device is a Mac, PC, iOS or Android device. The combination of a MAC address and Linksys Smart Wi-Fi routers' public IP address can mean that hackers could geo-locate or track "William," claims Mursch.
More easily and immediately discovered, though, is whether a router's default admin password has been changed or not.
This flaw and Linksys/Belkin's response were first reported by Ars Technica, which notes that the number of affected routers appears to be falling. After the initial report of 25,617, a repeat of the test some days later revealed 21,401 vulnerable devices.
A complete list of the Linksys router models reported affected is on the Bad Packets site.
49 Comments
I currently 'trust' Google to look after my router
I’m keeping my AirPort Extreme until it breaks.
I used to use Linksys routers in the aughts. Not a pleasant experience.
I knew it was suspicious.
Changing the password should be one of the first things you do when getting a new router. I had a Netgear router that was great but somehow it got corrupted during a reboot after a power outage so I picked up a used Airport Extreme dirt cheap. I miss the control I had with the Netgear but love it that having a small market share router means I fly under the radar for most hackers.
Like Tht, I'm keeping it until it breaks.
It's news reports like these that make me wish that Apple gets back in the router business. I've owned every brand of consumer router made and they were all garbage. From hardware instabilities requiring a monthly reboot, to software vulnerabilities, and downright failures every six months. They were trash. I own several multi-unit apartment buildings and provide Internet access to each one as a courtesy. Having routers fail every few months, or get unstable every few weeks was frustrating.