SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Over 21,000 Linksys Routers Leaked Their Device Connection Histories
Date    Monday May 20 2019, @10:51AM
Author    Fnord666
Topic   
from the talktative-devices dept.
https://soylentnews.org/article.pl?sid=19/05/20/0128256

upstart writes:

Submitted via IRC for AnonymousLuser

Over 21,000 Linksys routers leaked their device connection histories

Over 21,000 Linksys routers leaked their device connection historiesLinksys, however, says it can't replicate the apparent flaw.Sponsored Links

Certain Linksys WiFi routers might be sharing far more data than their users would like. Security researcher Troy Mursch has reported that 33 models, including some Max-Stream and Velop routers, are exposing their entire device connection histories (including MAC addresses, device names and OS versions) online. They also share whether or not their default passwords have changed. Scans have shown between 21,401 and 25,617 vulnerable routers online, 4,000 of which were still using their default passwords.

The attack appear to be relatively straightforward and involves little more than visiting an exposed router's internet address and running a device list request. It works whether or not the router's firewall is turned on, Mursch toldArs Technica, and isn't affected by a patch Linksys released in 2014.

There are potentially serious consequences. Complete connection histories could tell hackers if there are juicy targets on a given network, such as a phone running outdated software, while stalkers might find out if their victim had visited a given location. The password status, meanwhile, could make it easy to hijack devices for the sake of botnets and other online crimes.


Original Submission

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Over 21,000 Linksys routers leaked their device connection histories" - https://www.engadget.com/2019/05/18/linksys-routers-leak-device-connection-histories/
  3. "reported" - https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
  4. "Max-Stream" - https://www.engadget.com/2016/09/17/linksys-ea9500-review/
  5. "Velop" - https://www.engadget.com/2017/01/03/linksys-wifi-mesh-system-will-cover-your-home-in-all-the-wifi/
  6. "told" - https://arstechnica.com/information-technology/2019/05/33-linksys-router-models-leak-full-historic-record-of-every-device-ever-connected/
  7. "botnets" - https://www.engadget.com/2018/09/13/kelihos-botnet-operator-pleads-guilty/
  8. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=33879

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Over 21,000 Linksys Routers Leaked Their Device Connection Histories on 2024-03-29 09:44:22