Hackers Could Hijack Linksys Routers: Here's What to Do

Last year, security researchers discovered that Netgear routers were tremendously vulnerable to malicious hacks; now, it’s Linksys’s turn to be in the hot seat.

Credit: Linksys

Some of the company’s most popular routers are vulnerable to 10 different exploits, ranging from the trivial to the catastrophic. Worse still: At present, there’s no fix. Linksys has provided a few workarounds for savvy users, but given how infrequently people pay attention to their routers, the vulnerabilities could pose a risk for some time to come.

This information comes from IOActive, a Seattle-based security firm that notified Linksys of the flaws it discovered back in January. The two companies have been working together to isolate and patch the issues since then, although the work is ongoing. Briefly, the issues affect the Linksys line of Smart Wi-Fi routers, which includes more than 20 ubiquitous models, available all around the world.


Before getting into details about how the exploits work, it’s important to know how to protect yourself from them. Linksys issued a security advisory, recommending that customers disable Guest Networks on their routers. (For obvious reasons, IOActive did not disclose exactly how the vulnerabilities work, but we can hazard a guess that some of the more serious ones target issues in the Guest Network framework.)

For those who aren’t familiar with the Guest Network feature, it lets guests in your home or office use your wireless network under an alternate name and password. To disable the feature, you’ll need to access your Linksys cloud account, then select Guest Access and toggle the switch to Off. Linksys provides full instructions on how to do this.

The company also recommends that users enable Automatic Updates, so that they’ll receive patches for the vulnerabilities as soon as patches are available. This shows how. Users should also change the default administrator password for the Linksys router software, although frankly, you should have done that by now anyway; having a default password is always a vulnerability, even when there are no specific exploits to target it. Here's how to do that.

As stated above, IOActive did not explain any of the vulnerabilities in great detail, but did give an idea of how some of the more dangerous ones might work. Two of the issues could let a cybercriminal block a router's functions with a denial-of-service attack, making internet access impossible. Another vulnerability lets attackers bypass the router’s authentication procedures and collect information on connected devices as well as Wi-Fi passwords.

The most dangerous vulnerability allows attackers to hijack a router and gain root privileges. With access to the deepest level of the router’s interface, cybercriminals could either take it over outright, or — and this is more likely — create invisible “backdoor” access points for themselves, which would allow them to monitor anything on a user’s network, anytime they like, or even redirect traffic to malicious websites, without arousing suspicion.

IOActive highlighted the following routers as potentially vulnerable, some of which have received high marks from Tom’s Guide reviews:

  • EA2700
  • EA2750
  • EA3500
  • EA4500v3
  • EA6100
  • EA6200
  • EA6300
  • EA6350v2
  • EA6350v3
  • EA6400
  • EA6500
  • EA6700
  • EA6900
  • EA7300
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • EA9200
  • EA9400
  • EA9500
  • WRT1200AC
  • WRT1900AC
  • WRT1900ACS
  • WRT3200ACM

As always, it’s important to remember that your router is your access point to the whole Internet, for good and ill. If you haven’t already, take some time to secure it, and be sure to check in once a month or so to confirm that you have the latest firmware available.
