Security flaws in Linksys routers have been discovered by researchers, who found that vulnerable Wi-Fi routers could be exploited and turned into botnets.
Researcher Tao Sauvage from cyber security firm IOActive Group and independent researcher Antide Petit, uncovered ten separate vulnerabilities in more than 20 Linksys Smart Wi-Fi routers, and identified some 7,000 devices susceptible to exploitation.
“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” said Sauvage.
“Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”
IOActive informed Linksys of the vulnerabilities in January, and both companies have been working together to plug the security holes.
Currently, Linksys and IOActive have come up with a workaround to avoid the risks posed by the vulnerabilities, until Linksys pushes out a firmware patch in the coming weeks.
Linksys’s advisory advises users to enable automatic updates on their router, disable the Wi-Fi guest network if it’s not being used, and naturally change the default administrators password.
With the potential to turn Wi-Fi routers into botnets and wreak havoc in a similar vein to the Mirai botnet, such flaws are deeply problematic, particularity when the distribution of routers from established brands is worldwide.
Are you a security pro? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…