Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Jump to content

US EditionChange

UK EditionAsia EditionEdición en Español
Sign up to our newslettersSubscribe: $6 for 6 months
More
Best
Climate
TV

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in

The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.

Thousands exposed to hackers by Wi-Fi routers

Over 20 different models are affected by vulnerabilities

Aatif Sulleyman
Thursday 20 April 2017 14:01 BST
Comments
Linksys has issued a security advisory, including a temporary workaround for customers
Linksys has issued a security advisory, including a temporary workaround for customers (Getty)

Security researchers have discovered a range of vulnerabilities affecting a range of Wi-Fi routers.

Both “high-risk” and “low-risk” issues have been uncovered in more than 20 different Linksys router models, over 7,000 of which were “exposed on the internet” when the research was conducted in the fourth quarter of 2016.

The vulnerabilities could allow cybercriminals to leak information about devices connected to the router, as well as overload the router itself and deny access to a user.

Gadget and tech news: In pictures

Show all 25

The issues were detected by Tao Sauvage, a senior security consultant at IOActive, and independent researcher Antide Petit.

“A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation, and information disclosure,” said Mr Sauvage.

“Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”

The Mirai botnet used insecure Internet of Things devices, such as cameras, routers, and light bulbs, to launch a massive attack against a top security blogger last September.

IOActive found ten vulnerabilities in Linksys products, which were reported to the company in January.

The affected models are:

  • EA2700
  • EA2750
  • EA3500
  • EA4500v3
  • EA6100
  • EA6200
  • EA6300
  • EA6350v2
  • EA6350v3
  • EA6400
  • EA6500
  • EA6700
  • EA6900
  • EA7300
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • EA9200
  • EA9400
  • EA9500
  • WRT1200AC
  • WRT1900AC
  • WRT1900ACS

Linksys has issued a security advisory, including a workaround for customers until final firmware updates are released in the coming weeks.

Recommended

"As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity," it wrote.

"We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled."

Linksys also recommends users change the default administrator password for their routers.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in