Over 25,000 Linksys Smart Wi-Fi routers leaked device connection histories

Security researcher Troy Mursch has reported that several Linksys router models worldwide are revealing entire device connection histories online; 440 of the affected routers are in the UAE.

The Linksys Velop is one of the devices that has been affected.

Linksys users, especially those in the UAE, may have something to be concerned about. Certain Linksys Wi-Fi routers have been found to be exposing their entire device connection histories (including MAC addresses, device names and OS versions) online.

Security researcher Troy Mursch, writing in Bad Packets, has reported that 33 models are affected by the vulnerability. The routers also reveal whether their default passwords have been changed. Between 21,401 and 25,617 vulnerable routers were found online, 4,000 of which were still using their default passwords. Linksys, however, claims it fixed the flaw in 2014 and can't replicate it.

The attack is carried out by visiting an exposed router's internet address and running a device list request, and it supposedly works whether or not the router's firewall is on. Mursch told Ars Technica:

"While [this flaw] was supposedly patched for this issue, our findings have indicated otherwise," says Bad Packets. "Upon contacting the Linksys security team, we were advised to report the vulnerability... After submitting our findings, the reviewing analyst determined the issue was 'not applicable/won't fix' and subsequently closed." The exposed data can also include device names like "William's iPhone", plus whether the device is a Mac, PC, iOS or Android device. Combining a device's MAC address with the Linksys Smart Wi-Fi router's public IP address could let hackers geo-locate or track "William," claims Mursch.

Linksys were quick to respond: "We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network.

We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled."

Bad Packets have released a complete list of the Linksys router models reportedly affected and the region these routers are from. 440 of the affected devices are from the UAE.

Nevertheless, it's prudent for Linksys users to update their firmware and ensure their device firewalls are active, as failing to do so could expose their routers to attackers.