25,000 Linksys routers are reportedly leaking details of any device that has ever connecte...

Posted:
in General Discussion edited May 2019
The flaw that may have been leaking data since 2014 reportedly exposes routers that haven't had their default passwords changed, and it can even help lead hackers to physically locate devices and users in the real world.




Researcher Troy Mursch claims that in excess of 25,000 Linksys Smart Wi-Fi routers currently in use have a flaw that means significant data is accessible by hackers. Writing in Bad Packets Report, a "cyber threat intelligence" company, he says sensitive information is being leaked, although the manufacturer now denies this.

Linksys was bought in 2013 by Belkin -- and that firm was then bought by Foxconn in 2018 -- and that firm says that its staff haven't been able to reproduce Mursch's findings.

"We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce [it]," said Linksys in an online security advisory, "meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique."

Linksys further says that this is because the flaw was fixed in 2014. However, Mursch disagrees.

"While [this flaw] was supposedly patched for this issue, our findings have indicated otherwise," says Bad Packets. "Upon contacting the Linksys security team, we were advised to report the vulnerability... After submitting our findings, the reviewing analyst determined the issue was 'not applicable/won't fix' and subsequently closed."

If your router is one of those leaking information in this way, then the details that may be available to hackers include the MAC address of every device connected now -- or ever.

It can also include device names like "William's iPhone" plus whether the device is a Mac, PC, iOS or Android device. The combination of a MAC address and Linksys Smart Wi-Fi routers' public IP address can mean that hackers could geo-locate or track "William," claims Mursch.

More easily and immediately discovered, though, is whether a router's default admin password has been changed or not.

This flaw and Linksys/Belkin's response were first reported by Ars Technica which notes that the number of affected routers appears to be reducing. After the initial report of 25,617, a repeat of the test some days later revealed 21,401 vulnerable devices.

A complete list of the Linksys router models reported affected is on the Bad Packets site.

Comments

  • Reply 1 of 49
    kkqd1337 Posts: 424 member
    i currently 'trust' google to look after my router
  • Reply 2 of 49
    tht Posts: 5,421 member
    I’m keeping my AirPort Extreme until it breaks.

    I used to use Linksys routers in the aughts. Not a pleasant experience.
  • Reply 3 of 49
    Rhythmagic Posts: 63 unconfirmed, member
    I knew it was a suspicious.  
  • Reply 4 of 49
    daven Posts: 696 member
    Changing the password should be one of the first things you do when getting a new router. I had a Netgear router that was great but somehow it got corrupted during a reboot after a power outage so I picked up a used Airport Extreme dirt cheap. I miss the control I had with the Netgear but love it that having a small market share router means I fly under the radar for most hackers.

    Like Tht, I'm keeping it until it breaks.
    edited May 2019
  • Reply 5 of 49
    sflocal Posts: 6,092 member
    It's news reports like these that make me wish that Apple gets back in the router business.  I've owned every brand of consumer router made and they were all garbage.  From hardware instabilities requiring a monthly reboot, to software vulnerabilities, and downright failures every six months.  They were trash.  I own several multi-unit apartment buildings and provide Internet access to each one as a courtesy.  Having routers fail every few months, or get unstable every few weeks was frustrating.

    A friend recommended I try an Apple Extreme.  Out of desperation I tried one and after a couple months of testing in one unit, it was love from that point forward.  I purchased a bunch of them to replace all the Chinese crap and in 10 years since having them installed, have never had one fail or act strangely.  It broke my heart when I heard Apple was getting out of that business.

    Eventually, I read a report that many of those crap routers (Netgear, Linksys, D-link) were all failing due to the companies going the cheap route and transitioned from quality Japanese capacitors to the crappy, cheap Chinese-made capacitors and just like most things coming out of that country, was complete junk.  Apparently, many of those companies abandoned them and went back to more reliable capacitors from Japan.

  • Reply 6 of 49
    Appleuser22 Posts: 1 unconfirmed, member
    It seems like in the Connectivity section under Administration there is a tick box for Remote access that should (unchecked) fix the issue - just lose away from home access?
  • Reply 7 of 49
    tht Posts: 5,421 member
    sflocal said:
    It's news reports like these that make me wish that Apple gets back in the router business.  I've owned every brand of consumer router made and they were all garbage.  From hardware instabilities requiring a monthly reboot, to software vulnerabilities, and downright failures every six months.  They were trash.  I own several multi-unit apartment buildings and provide Internet access to each one as a courtesy.  Having routers fail every few months, or get unstable every few weeks was frustrating.

    A friend recommended I try an Apple Extreme.  Out of desperation I tried one and after a couple months of testing in one unit, it was love from that point forward.  I purchased a bunch of them to replace all the Chinese crap and in 10 years since having them installed, have never had one fail or act strangely.  It broke my heart when I heard Apple was getting out of that business.

    Eventually, I read a report that many of those crap routers (Netgear, Linksys, D-link) were all failing due to the companies going the cheap route and transitioned from quality Japanese capacitors to the crappy, cheap Chinese-made capacitors and just like most things coming out of that country, was complete junk.  Apparently, many of those companies abandoned them and went back to more reliable capacitors from Japan.
    Yup. My Linksys WiFi router experience consisted of monthly reboots, crashing when too many devices connected to them. Tried a Netgear once and the range on it ended up being less, with poor signal quality in the corners of the house and no WiFi outside the house. The AirPort Extreme routers provide signal within 20 ft outside my house.

    The AirPort Extreme WiFi routers have been mostly trouble free, with maybe one incident per year or every two years. That’s better than the cable service. Thinking of getting a second AirPort Extreme just in case.
  • Reply 8 of 49
    chasm Posts: 3,275 member
    21,000? At first I thought this must be a typo. Of course Linksys can't find it -- that's probably 0.001 percent of the number of these routers ever sold. I'm frankly suspicious of Mr. Mursch's claims, given that his claim of how many of the routers might be affected has already been revised significantly downwards. That said, way too many routers ship with flaws, a poor interface and other obstacles to making them more resistant to attack and too easy to "stick with the defaults" on the user's end.

    Count me also as a fan of the AirPort line of routers, and another advocate for the idea that Apple should re-enter the market with a new line that emphasizes features the previous one had but were never advertised -- ironclad firmware, optional strong encryption, and other security features that make some of their last routers **STILL** among the most secure around (albeit not capable of "mesh" or 802.11ac speeds).

    A new line of "ultra-secure yet incredibly easy to use" routers would do more than well enough to justify costs/manufacture, and offer yet another portal for consumers to get "The Apple Experience" even if they are on lesser equipment.
    edited May 2019
  • Reply 9 of 49
    wood1208 Posts: 2,905 member
    Made in China ? What you expect !!
  • Reply 10 of 49
    22july2013 Posts: 3,564 member
    I wanted to contribute to this thread in some constructive (and hopefully controversial) way. So I investigated if Apple's Airport Extreme and Time Capsule devices (of which I own both) are routers or hubs (or perhaps bridges or switches). I have occasionally configured hubs, routers, firewalls and switches at work and at home, but I'm hardly a networking expert. Others on this forum will talk me down about something here. I conclude that since Airport Extreme and Time Capsule permit NAT and DHCP, they do qualify (barely) as routers. However they have three modes, and one mode, called Bridge Mode, is most likely what people use and makes the device more of a hub than a router. They also work as wireless hubs (which are usually called wireless routers). They do not appear (as far as I can tell) to have the necessary logic (ie, restricting broadcasts of messages) to be called a Switch. They do appear to prevent incoming traffic which essentially makes them function like a primitive, but useful, firewall. My Airport Extreme is currently unplugged but I looked closely at my Time Capsule. I was surprised that it has the ability to limit (all) wireless devices access to the outside based on time frames. That's an optional feature for a router, above the minimum of NAT and DHCP. But that feature is buggy on my Time Capsule (because, as I type the name of my device, my typing is not visible, there isn't even a flashing cursor). Of course the Time Capsule also implements a Hard Drive wireless protocol. And I think the Extreme supports both a printer and speaker (not a disk) for wireless access. These features go above and beyond basic router features. But the Extreme and Time Capsule both appear to be missing the more sophisticated controls that I used to see on my routers at work, specifically with regard to network rules. So in conclusion I would call them "simple routers" (if not configured in Bridge mode) as opposed to "full routers". 
I'm not sure if even Apple knows what percentage of its Airport Extreme and Time Capsule devices are configured to use their respective Router features, or whether they are just used in Bridge mode. But since they stopped selling these devices, I'm inferring from that that they know people are not using their networking/router features. But I love my devices and I wouldn't even sell them now for what I paid for them years ago. But for twice my purchase price, I'd probably let them go.
  • Reply 11 of 49
    MacPro Posts: 19,718 member
    "... reportedly exposes routers that haven't had their default passwords changed"

    This is called Darwinism.
  • Reply 12 of 49
    sflocal Posts: 6,092 member
    tht said:
    sflocal said:
    It's news reports like these that make me wish that Apple gets back in the router business.  I've owned every brand of consumer router made and they were all garbage.  From hardware instabilities requiring a monthly reboot, to software vulnerabilities, and downright failures every six months.  They were trash.  I own several multi-unit apartment buildings and provide Internet access to each one as a courtesy.  Having routers fail every few months, or get unstable every few weeks was frustrating.

    A friend recommended I try an Apple Extreme.  Out of desperation I tried one and after a couple months of testing in one unit, it was love from that point forward.  I purchased a bunch of them to replace all the Chinese crap and in 10 years since having them installed, have never had one fail or act strangely.  It broke my heart when I heard Apple was getting out of that business.

    Eventually, I read a report that many of those crap routers (Netgear, Linksys, D-link) were all failing due to the companies going the cheap route and transitioned from quality Japanese capacitors to the crappy, cheap Chinese-made capacitors and just like most things coming out of that country, was complete junk.  Apparently, many of those companies abandoned them and went back to more reliable capacitors from Japan.
    Yup. My Linksys WiFi router experience consisted of monthly reboots, crashing when too many devices connected to them. Tried a Netgear once and the range on it ended up being less, with poor signal quality in the corners of the house and no WiFi outside the house. The AirPort Extreme routers provide signal within 20 ft outside my house.

    The AirPort Extreme WiFi routers have been mostly trouble free, with maybe one incident per year or every two years. That’s better than the cable service. Thinking of getting a second AirPort Extreme just in case.
    When Apple announced the discontinuing of the Airport products, I bought five of them as backups in case I ever need to replace them.  Haven't touched them yet.
  • Reply 13 of 49
    wonkothesane Posts: 1,717 member
    sflocal said:
    It's news reports like these that make me wish that Apple gets back in the router business.  I've owned every brand of consumer router made and they were all garbage.  From hardware instabilities requiring a monthly reboot, to software vulnerabilities, and downright failures every six months.  They were trash.  I own several multi-unit apartment buildings and provide Internet access to each one as a courtesy.  Having routers fail every few months, or get unstable every few weeks was frustrating.

    A friend recommended I try an Apple Extreme.  Out of desperation I tried one and after a couple months of testing in one unit, it was love from that point forward.  I purchased a bunch of them to replace all the Chinese crap and in 10 years since having them installed, have never had one fail or act strangely.  It broke my heart when I heard Apple was getting out of that business.

    Eventually, I read a report that many of those crap routers (Netgear, Linksys, D-link) were all failing due to the companies going the cheap route and transitioned from quality Japanese capacitors to the crappy, cheap Chinese-made capacitors and just like most things coming out of that country, was complete junk.  Apparently, many of those companies abandoned them and went back to more reliable capacitors from Japan.

    This. 
  • Reply 14 of 49
    Soli Posts: 10,035 member
    It can also include device names like "William's iPhone" plus whether the device is a Mac, PC, iOS or Android device. The combination of a MAC address and Linksys Smart Wi-Fi routers' public IP address can mean that hackers could geo-locate or track "William," claims Mursch.
    I'm always amazed by how many people use their real name for devices. If you only ever connected to your local WiFi and never had AirDrop on that would be fine, but I see it on public WiFi and AirDrop all the time. Why even have Everyone set on your AirDrop in the first place?

    Right now, I'm having an issue with my Beats headphones because they keep showing up with my real name, which I assume is pulled from my iCloud or primary contact card on my iPhone because my iPhone is simply named "iPhone". You can change it, but 10 minutes later it's back to the old name for reasons I can't figure out.


    daven said:
    Changing the password should be one of the first things you do when getting a new router. I had a Netgear router that was great but somehow it got corrupted during a reboot after a power outage so I picked up a used Airport Extreme dirt cheap. I miss the control I had with the Netgear but love it that having a small market share router means I fly under the radar for most hackers.

    Like Tht, I'm keeping it until it breaks.
    It should be, but people don't because they don't know how or understand the risks. People don't understand WiFi despite its ubiquitous use and I can't fault the users for that. I certainly don't understand everything about my automobiles despite owning several. The better router makers make you change it when you first set it up and have defaults for higher security.


    sflocal said:
    It's news reports like these that make me wish that Apple gets back in the router business.  I've owned every brand of consumer router made and they were all garbage.  From hardware instabilities requiring a monthly reboot, to software vulnerabilities, and downright failures every six months.  They were trash.  I own several multi-unit apartment buildings and provide Internet access to each one as a courtesy.  Having routers fail every few months, or get unstable every few weeks was frustrating.

    A friend recommended I try an Apple Extreme.  Out of desperation I tried one and after a couple months of testing in one unit, it was love from that point forward.  I purchased a bunch of them to replace all the Chinese crap and in 10 years since having them installed, have never had one fail or act strangely.  It broke my heart when I heard Apple was getting out of that business.
    It's looking like they're getting back into the monitor business with some newer technologies come WWDC. If that's the case, then having Apple getting back into the router business with, say, mesh networking and ease of setup similar to what Apples for devices connecting with a W1 or H1 chip could bring back superior routing to the market. There does seem to be a push for better and faster routers of the mesh variety that consumers are willing to pay good money for so there could be a worthwhile market for Apple.
    edited May 2019
  • Reply 15 of 49
    ivanh Posts: 597 member
    kkqd1337 said:
    i currently 'trust' google to look after my router
    Is that enough?
    Are you using any Wi-Fi Smart Plugs or smart lights that require you to log in their Wi-Fi network for connection before asking you to tender your Wi-Fi password, or requiring you to create a cloud account to Manage those devices? 
    Are you using any devices owned by a China- or Shenzhen-based company? 
    Have you connected those devices or accessories via Google Home or Google Assistant or Amazon Alexa or Apple HomeKit?
    Then good luck on you.
  • Reply 16 of 49
    racerhomie3 Posts: 1,264 member
    wood1208 said:
    Made in China ? What you expect !!
    Made in China isn’t necessarily bad. It’s just bad when it’s made by companies with no quality control.
  • Reply 17 of 49
    Soli Posts: 10,035 member
    wood1208 said:
    Made in China ? What you expect !!
    Made in China isn’t necessarily bad. It’s just bad when it’s made by companies with no quality control.
    I didn't know how to parse that comment since every device Apple makes has China's hands on it.
  • Reply 18 of 49
    lkrupp Posts: 10,557 member
    Get a grip, people. Read the first sentence. What does it say?

    "exposes routers that haven't had their default passwords changed"

    So this is actually a Darwin award for those idiots who never changed the default password of their router. I would imagine any router used with the default password would be vulnerable to some sort of exploit. That’s the very first thing I do when configuring a router... change the damn password it shipped with. Duh....
    edited May 2019
  • Reply 19 of 49
    larryjw Posts: 1,031 member
    Like others have said, they'll have to pry my Apple routers from my cold dead hands before I buy a router from someone else. What surprised me about Apple dropping their routers was my almost certainty that the Apple router products would be enhanced to be HomeKit hubs -- seemed a natural fit.
  • Reply 20 of 49
    DAalseth Posts: 2,783 member
    Of course if someone does not change the default ID and PW the router is wide open to anyone to do anything. Someone stealing the logs of systems that connected would be the least of your worries.