Bugs Batter Linksys Routers Opening Them Up To Becoming Botnets

Security flaws in Linksys routers have been discovered by researchers, who found that vulnerable Wi-Fi routers could be exploited and turned into botnets.

Researcher Tao Sauvage from cyber security firm IOActive Group and independent researcher Antide Petit, uncovered ten separate vulnerabilities in more than 20 Linksys Smart Wi-Fi routers, and identified  some 7,000 devices susceptible to exploitation.

Linksys security holes

The security flaws, if exploited, could be used to overload a targeted router and force it to reboot, as well as deny a legitimate user access to it, leak sensitive information about the router and devices connected to it, and change restricted settings.

“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” said Sauvage.

“Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”

IOActive informed Linksys of the vulnerabilities in January, and both companies have been working together to plug the security holes.

Currently, Linksys and IOActive have come up with a workaround to avoid the risks posed by the vulnerabilities, until Linksys pushes out a firmware patch in the coming weeks.

Linksys’s advisory advises users to enable automatic updates on their router, disable the Wi-Fi guest network if it’s not being used, and naturally change the default administrators password.

With the potential to turn Wi-Fi routers into botnets and wreak havoc in a similar vein to the Mirai botnet, such flaws are deeply problematic, particularity when the distribution of routers from established brands is worldwide.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Intel Celebrates As EU Court Strikes Down 2009 Antitrust Fine

Twelve year legal battle sees EU court grant Intel's appeal against $1.2 billion EU antitrust…

11 hours ago

US Commerce Dept Warns Of Severe Chip Shortages

Some manufacturers have less than 5 days supply of computer chips, putting US manufacturing at…

12 hours ago

The Future of Consumer Tech in Business

As consumer and business technologies continue to merge, and as businesses transform into post-pandemic enterprises,…

12 hours ago

IMF Urges El Salvador To Drop Bitcoin As Legal Tender

South American country El Salvador urged to reconsider its decision to adopt Bitcoin as legal…

15 hours ago

Google Sued For ‘Deceptive’ Location Tracking Practices

Four attorneys general in the US are suing Google for allegedly misleading users about when…

17 hours ago