Linksys WiFi Routers Contain At Least 10 Bugs In More Than 20 Models
Ali Reza writes on the April 23, 2017 website, of HackRead.com, that “IT researchers have discovered that more than 20 different Linksys’ Routers models are leaving thousands of [brand new] devices vulnerable to outside attacks [hacks]. Tao Savage, a Senior Security Consultant for IOActive, along with Antide Petit, an independent researcher, published the existence of these bugs that were first discovered last year. The blog post states that about 10 vulnerabilities in 20 different models have left thousands of devices vulnerable to cyber attacks. And yes, these devices are already spread throughout the world.”
“The flaws in question allow the potential hacker to overload the routers and create forced reboots. This is done by creating DoS (Denial-Of-Service) conditions, and it keeps regular users of the device incapable of using it,” Mr Reza wrote.
“The bugs also give the attackers the chance to bypass SGI scripts, and steal private information, and even manipulate restricted settings,” he added. “And not only that, but the hackers that use this method can execute commands with root privileges, and create the sort of backdoor accounts that can be used for persistent access; and, wouldn’t be viewable when it comes to the smart management console for the router.” Mr. Reza warned.
List Of Vulnerable Routers
EA2700 EA2750 EA3500 EA4500v3 EA6100 EA6200 EA6300 EA6350v2 EA6350v3 EA6400 EA6500 EA6700 EA6900 EA7300 EA7400 EA7500 EA8300 EA8500 EA9200 EA9400 EA9500 WRT1200AC WRT1900AC WRT1900ACS & WRT3200ACM
IOActive assessed that “over 7,000 devices [routers] were flawed [infected] at the time of their search,” Mr. Reza noted. IOActive and Mr. Petit “found that almost 11 percent of the flawed routers still have default credentials; and, that any hacker knows how to exploit this [these vulnerabilities] — even if the flaws weren’t there already.” Sixty nine percent of these flawed routers have been sold in the United States. “Other countries with the compromised routers include: Canada, Chile, Hong Kong, the Netherlands, Venezuela, Argentina, and Russia.” Each of these countries has one percent, or more of these flawed routers, while the remaining thirteen percent of the flawed routers are dispersed across the globe, where they represent less than one percent of all routers sold.
“Upon discovering this flaw in January of this year, IOActive contacted Linksys, and warned the company that they had three months to patch the devices before disclosing publicly that these routers had vulnerabilities that could be exploited by hackers. Linksys did what they could,” Mr. Reza wrote, “and, in March, the company created a Customer Advisory, in which they warned customers of the problem — and, gave instructions on how to deal with this vulnerability — until a more permanent solution could be found. The advisory has been released; and, an update, including instructions on how to fix these gaps, will be published in the coming weeks.”
Finally, Mr. Reza notes that “back in January, similar bugs were discovered in SOHO devices; and, also in enterprise D-Link routers, which leaves both regular users and corporate networks at risk. This discovery unveiled that these routers had over 50 vulnerabilities that needed to be fixed [patched],” otherwise individuals and corporations who possess these routers will remain vulnerable to a cyber attack.
As I have written many times, the only ‘safe’ device is one that is never used. The Internet and our entire network enterprise and now, the Internet of Things (IoT) was built with ease of use in mind — and, security was down on the priority list. Now of course, we have an Internet ecosystem that is full of vulnerabilities and gaps. And, if cyber hackers and cyber thieves can’t find a gap in your system, then they will look to secondary and tertiary targets to eventually get to you. The bottom line is that you should never assume your device is ‘clean.’ Assume it is dirty up front. Otherwise, you are setting yourself up for a nasty surprise down the road. As my old boss, Secretary of Defense Donald Rumsfeld used to say, “The absence of evidence does not constitute evidence of absence. Just because you, or a cyber geek you have paid to inspect your network — don’t find any malware or bugs — doesn’t mean your device or network is clean. Remember, the best cyber hackers haven’t been discovered, or caught yet. V/R, RCP, www.fortunascormner.com