Over 25,000 Linksys Smart Wi-Fi routers leaked device connection histories

Security researcher Troy Mursch has reported that several Linksys router models globally are revealing entire device connection histories online; 440 of the affected routers are from the UAE.

The Linksys Velop is one of the devices that has been affected.
By Kevin Sebastian. Published May 19, 2019

Linksys users, especially those in the UAE, may have something to be concerned about. Specific Linksys Wi-Fi routers have been found to be sharing their entire device connection histories (including MAC addresses, device names and OS versions) online.

Security researcher Troy Mursch, writing in Bad Packets, has reported that 33 models have been affected by the vulnerability. The routers also reveal whether their default passwords have been changed. Between 21,401 and 25,617 vulnerable routers are exposed online, 4,000 of which were still using their default passwords. Linksys, however, claims it fixed the flaw in 2014 and can't replicate it.

The attack can be carried out by visiting an exposed router's internet address and running a device list request, and it supposedly works whether or not the router's firewall is on. Mursch told Ars Technica:

"While [this flaw] was supposedly patched for this issue, our findings have indicated otherwise," says Bad Packets. "Upon contacting the Linksys security team, we were advised to report the vulnerability... After submitting our findings, the reviewing analyst determined the issue was 'not applicable/won't fix' and subsequently closed."

The leaked data can also include device names like "William's iPhone", plus whether the device is a Mac, PC, iOS or Android device. The combination of a MAC address and a Linksys Smart Wi-Fi router's public IP address can mean that hackers could geo-locate or track "William," claims Mursch.

Linksys were quick to respond: "We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router's local network.

We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled."

Bad Packets have released a complete list of the Linksys router models reportedly affected and the region these routers are from. 440 of the affected devices are from the UAE.

Belkin, Middle East, Turkey & Africa, the company that has acquired Linksys, also issued a statement through its Managing Director, Amanullah Khan:

"We take privacy and security concerns very seriously and are committed to providing the best experience and protection for our customers in the Middle East.  Within a typical home network and default setup configuration, our routers are secure against leaking sensitive information. In some uncommon cases that we've identified (approximately 0.2% of current Linksys routers in the field), users have made manual configuration changes to their router's firewall and may inadvertently allow themselves to become vulnerable. 

Nevertheless, it's prudent that Linksys users update their firmware and ensure their device firewalls are active, as failing to do so could expose the router to attackers.

These cases are: turning off your router’s firewall, using your router in bridge mode without a secure gateway or modem, or using 3rd party UPnP applications to open ports directly to your router.

We are committed to safeguarding our customers in the Middle East regardless of their environment or setup so while we work on addressing these rare edge cases with a future firmware update, please take the following steps to ensure your router is secure.

Keep firmware up to date by ensuring auto updates are enabled: https://www.linksys.com/us/support-article?articleNum=140124 .

Keep your firewalls enabled (they are by default). If you have any questions or are having issues with a service or app that requires you to open up ports on your router, please contact support: https://www.linksys.com/us/support-article?articleNum=155198 .

Change your router’s default admin password if you haven’t done so already.

If you choose to use your router as a bridge, ensure that an upstream router or other security device has a reliable firewall enabled.

Do not use 3rd party applications to open ports directly to your router or disable this feature completely by not allowing users to configure it: http://www.linksys.com/us/support-article?articleNum=135071 and reboot your router.
