IOActive today released information on a number of security vulnerabilities found in more than 20 models of Linksys Smart Wi-Fi Routers.
The vulnerabilities identified, if exploited, could allow attackers to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, and change restricted settings.
IOActive and Linksys have worked together since the findings were disclosed and a security advisory has been issued by Linksys, including a workaround for customers until final firmware updates are posted in the coming weeks.
The research was authored by IOActive senior security consultant, Tao Sauvage and independent security researcher Antide Petit. A blog post on the research and findings was published today.
Sauvage and Petit's research, conducted during Q4 of 2016, included reverse engineering of the firmware, definition of the attack surface and code review and penetration testing of the exposed functions. They uncovered 10 vulnerabilities, ranging from low to high risk, present in over 20 router models in production and distributed widely today. An initial search identified over 7000 vulnerable devices exposed on the internet at the time of the scan.
“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” said Sauvage. “Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks.”
IOActive informed Linksys of the vulnerabilities in January 2017, and the two companies have been working closely and cooperatively through responsible disclosure to validate and address the issues found. The Linksys security team has been extremely receptive and responsive in working through the findings, addressing the issues uncovered, and taking the necessary steps to protect its consumers.
“Working together with IOActive, we've been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” said Benjamin Samuels, application security engineer at Belkin (Linksys Division). “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings.”