Large security problem revealed to Linksys Wireless Router, which makes their use dangerous if you do not change them or replace the FW with a third party such as OpernWrt.
ΠMore than 20.000 Linksys wireless routers leak complete history files of each device ever connected to them, including unique device identifiers (MAC Addresses), names, and operating systems. The data can be used by snoops or hackers in targeted or opportunistic attacks.
The independent researcher Troy Mursch stated that the leak is the result of a permanent defect in nearly thirty-year-old Linksys router models. It took about 25 minutes for the search engine Binary Edge of Internet-connected devices to find 21.401 vulnerable devices on Friday.
A scan earlier in the week found 25.617. A total of 756.565 unique MAC addresses were leaked. Defective exploitation requires only a few code snippets that collect each MAC address, device name, and operating system that has ever been associated with each of them.
The flaw allows snoops or hackers to gather different information that most people assume is not public. By combining the history file of devices connected to public IP addresses, those who hack the Router can track the movements of people they want to track.
This revelation may also be useful to hackers. The Shadowhammer team, for example, has recently infected up to 1 million devices after being hacked by computer software maker ASUS. The hackers then used a list of about 600 MAC addresses of specific targets which, if infected, would receive parts of the malware.
In addition to leaking device information, vulnerable routers also report all recent passwords to manage them. A Mursch scan earlier this week found that some 4.000 of the vulnerable devices were still using the default password.
Routers, he said, have remote access enabled by default and can not be disabled as an alternative because a companion application to Linksys needs to work. This scenario makes it easy for hackers to quickly scan downloadable devices. from distance.
Hackers can then obtain the plain text SSID Wi-Fi password, change the DNS settings to send connected devices to malicious addresses, or perform a series of other interventions. A recent team, known as the BlackTech Group, used similar attacks on routers to install Backdoor Plead on targeted computers.
Mursch told Ars that his tests show that the devices are vulnerable even when the firewall is turned on. He also said that the devices continue to be vulnerable even after running a Linksys patch released in 2014.
Mr Mursch said he had made the leak public, citing Linksys staff members who simply closed the report with "No validity / will not be fixed". Ars also e-mailed the results of his investigation to spokesmen for Belkin, the company that acquired Linksys in 2013, but never received a response.
The list of vulnerable devices released by Mursch can be found. You can see an image of the list below:
So those who use one of these devices should replace them with a newer model or replace the Linksys firmware with a third one like OpenWrt.
[the_ad_group id = ”966 ″]ΜDo not forget to join (register) in our forum, which can be done very easily by the following button…
(If you already have an account in our forum you do not need to follow the registration link)
Follow us on Telegram!
