Linksys this week identified several vulnerabilities in its router firmware that allow hackers to bypass authentication and perform denial of service (DDoS) attacks.
The company said it is working on a fix for the vulnerabilities, which were discovered by security researchers at IOActive in January and affect more than two dozen models of Linksys wireless routers in the WRT and EAxxx series.
IOActive found 10 separate issues in the Linksys firmware, including high-risk vulnerabilities that could let hackers exploit routers using default credentials to log in, view router settings, and execute remote commands.
"Two of the security issues we identified allow unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router," IOActive researcher Tao Sauvage wrote in a blog post. "By sending a few requests or abusing a specific API, the router becomes unresponsive and even reboots. The Admin is then unable to access the web admin interface and users are unable to connect until the attacker stops the DoS attack."
Related
- The Best Wireless Routers of 2017The Best Wireless Routers of 2017
The vulnerabilities, which are similar to those found in many other Internet of Things (IoT) devices, are particularly worrisome because they could be used in future attacks of the sort that took large swaths of the internet offline for several hours last fall.
Sauvage said that "11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks."
Linksys published a full list of the router models that are affected, and suggested that owners change the default password for their administrator account. The company said it is working to provide a firmware update for all of the affected models, but didn't offer details on when it would be ready.
It only works in certain conditions, but you might not even notice.
A good router is essential to making the most of your PC, phone, and other connected devices. Here are our top-rated models, along with advice about shopping for one.
DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are becoming increasingly common and potent. Denial of Service attacks come in many forms, but share a common purpose: stopping users from accessing a resource, whether it’s a web page, email, the phone network, or something
By now, most people know that an open Wi-Fi network allows people to eavesdrop on your traffic. Standard WPA2-PSK encryption is supposed to prevent this from happening — but it’s not as foolproof as you might think.
Newer Linksys routers have a File Server feature that allows you to plug in a USB drive and access its files from anywhere–ensuring you’ll never be too far away from your library of favorite movies, music, and pictures, no matter where you are in the world.
Relax Linksys Routers Vulnerable to DDoS Attacks stories
Operational since 2012, the botnet was the brainchild of one of the world's most notorious cyber criminals, who was arrested in Spain last week.
Approaching someone you don't know to ask them a favor doesn't work online any better than in real life.
Opportunity will find you and your business when you have a strong brand.
Orbi eliminates your wireless dead zones without adding any wires and now caters to smaller homes at lower price points.
Verizon will blast gigabit Internet into your window. At MWC, we saw how that will happen.
Emotionally intelligent people know these phrases are off limits in casual conversation because people take them the wrong way.
A great face-to-face connection can help you jump start the career you've always wanted.
Who are you, and what can you contribute? Once your consumer audience knows these things, you're on your way.
Mentors. Community mavens. Peers. All have something to offer you and your business, if you know how to ask.
These successful professionals share a similar approach to life and work. Here's a concise list of their secrets.
Follow these steps to ensure you do not make these networking mistakes.
NASA's Cassini spacecraft will celebrate Earth Day by making its closest fly-by of Saturn's moon Titan before starting its months-long final journey to crash into the faraway planet.
It’s a live-streaming mixed-reality scavenger hunt and everyone’s invited.
It used to be that you'd need to be part of Twitch's exclusive 'Partner' program to start making a living for broadcasting yourself. That's changing with the new 'Affiliate' program.
The first ARM-based laptops running Windows 10 should launch 'in the fourth calendar quarter,' according to Qualcomm's CEO.
Google Play Music is the default music app on the Galaxy S8, and owners will get a few extra perks.
The chill snowboarding game 'Alto's Adventure' already has this implemented. Hopefully you want a $50 plush llama.
Project Portal at the Port of Los Angeles tests the feasibility of using hydrogen-powered semis to move freight.
A lawsuit filed yesterday in the Southern District of New York claims that the Windows version of Confide doesn't offer screenshot protection.
Affordable wireless audio has come a long way in recent years. Here are our top-rated under-$100 Bluetooth speakers along with what you need to know when shopping for one.
Studios will soon have a much cheaper option for professional 360 cameras.