The back side of a Linksys router, which has been shown to leak data.
Image: Linksys

Last week, Ars Technica reported a massive new vulnerability had been discovered in Linksys routers. Bad Packets researcher Troy Mursch revealed that over 21,000 Linksys networking devices, which store easily accessible records of all the machines with which they’ve been networked, were at risk. Mursch’s research also indicates more than 30 different varieties of Linksys routers are affected by the data leak.

Data Leak Details

Using data from a search engine of Internet-connected devices, Bad Packets found they could access more than 21,000 Linksys routers. Researchers also discovered they could collect the MAC addresses, names, operating systems, and other identifying characteristics of every mobile device that joined the routers’ networks. With a small bit of code, the firm could harvest info on 756,565 smartphones, laptops, and tablets.

While the information leaked by the networking devices isn’t directly compromising, hackers can still use it to perform malicious attacks. In January, a cybercriminal group used harvested MAC addresses to execute an elaborate command-and-control hack via a compromised software updater. Ultimately, the rogue operators gained access to half a million machines and installed malware on 600 targeted devices.


Remote Access Vulnerability

Bad Packets also revealed the Linksys data leak left thousands of routers vulnerable to takeover attacks. The group performed a scan that indicated 4,000 affected routers were still using their default passwords. As such, hackers could access the insecure networking devices and insert malware on every mobile device with which they were connected.

Researchers explained the firm’s machines were especially vulnerable because they require remote access to function.

Mursch said he told Linksys, a Belkin subsidiary, about the issue before making a public disclosure. However, the tech company noted it already patched the vulnerability and would not be taking further action. The firm stated it fixed the problem via a firmware update for its equipment back in 2014. It further noted that, in its tests, it could not exploit the vulnerability Mursch uncovered.

Based on Bad Packets’ research, two scenarios would explain the ongoing Linksys data leak concern. One, the firmware update the company sent out didn’t fix the problem. Alternatively, consumers left their networks at risk because they didn’t perform the required firmware update.

Recently, hackers have used subverted routers to pull off significant man-in-the-middle hacks. For instance, the BlackTech group exploited a router vulnerability to carry out a series of cyber attacks in Hong Kong, Japan, and Taiwan. Using the technique, the operators accessed government records, private financial industry data, and healthcare provider systems.

The Importance of Data Security Hygiene

Though the Linksys data leak is unsettling, its disclosure is necessary. All too often, consumers believe their data is secure after they install some commercial antivirus software. The truth is hackers can bypass even the most sophisticated cybersecurity programs if users don’t perform regular software updates. It’s worth remembering that proper cyber hygiene is essential to data security.

Unfortunately, Facebook and Yahoo can’t always be counted on to protect their users’ information. Consequently, individuals have to take matters into their own hands by changing passwords regularly, using two-factor authentication, and performing all suggested software updates.
