Security researchers uncover 10 separate issues making thousands of popular Wi-Fi routers susceptible to attack
Seattle, Wash. – April 20, 2017 – IOActive, Inc., the worldwide leader in research-driven security services, today released information on a number of cybersecurity vulnerabilities found in more than 20 models of Linksys Smart Wi-Fi Routers. The vulnerabilities identified, if exploited, could allow attackers to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, and change restricted settings. IOActive and Linksys have worked together since the findings were disclosed and a security advisory has been issued by Linksys, including a workaround for customers until final firmware updates are posted in the coming weeks.
The research was authored by IOActive senior security consultant, Tao Sauvage, and independent security researcher Antide Petit.
Sauvage and Petit’s research, conducted during Q4 of 2016, included reverse engineering of the firmware, definition of the attack surface and code review and penetration testing of the exposed functions. They uncovered 10 vulnerabilities, ranging from low to high risk, present in over 20 router models in production and distributed widely today. An initial search identified over 7,000 vulnerable devices exposed on the Internet at the time of the scan.
“A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation and information disclosure,” said Sauvage. “Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”
IOActive informed Linksys of the vulnerabilities in January 2017, and the two companies have been working closely and cooperatively through responsible disclosure to validate and address the issues found. The Linksys security team has been extremely receptive and responsive in working through the findings, addressing the issues uncovered and taking the necessary steps to protect its consumers.
“Working together with IOActive, we’ve been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” said Benjamin Samuels, Application Security Engineer at Belkin (Linksys Division). “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings. IOActive has been a great partner throughout what’s been a text book example of researcher and vendor working cooperatively together through responsible disclosure for the good of the customer.”
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.