Security researcher Troy Mursch, Chief Research Officer of Bad Packets, discovered that over 20,000 Linksys wireless routers are leaking full historical records of every device ever connected to them.
The leaked information includes devices’ unique identifiers, names, and operating systems. Clearly, this data could be abused by hackers for attacks.
According to Mursch, the root cause of the data leak is a persistent vulnerability that resides in dozens of models of Linksys routers. Unfortunately, the flaw is very easy to exploit, and it is possible.
The devices continue to leak the information even when their firewall is turned on.
The expert used the BinaryEdge IoT search engine to find vulnerable devices. Earlier this week he discovered 25,617 routers that were leaking a total of 756,565 unique MAC addresses.
The disclosure of the historical records of devices that have connected to a specific router exposes users to attacks. Knowledge of MAC addresses could be abused by APT groups in targeted attacks, like the recent supply chain attack against ASUS.
The situation could be worse if owners of the routers were using default admin credentials. The issue discovered by the expert, in fact, could be used by attackers to discover if the vulnerable routers are still using default administrative passwords.
Mursch discovered that about 4,000 of the vulnerable devices were still using the default admin credentials. The vulnerable routers have remote access enabled by default, a gift for hackers, who can perform a broad range of malicious activities, such as changing DNS settings and delivering malware.
Mursch reported the flaw to Linksys, but unfortunately, the company closed the issue as “Not applicable / Won’t fix.”
If you are using one of the vulnerable devices, you should replace it.
(SecurityAffairs – LinkSys, Data leak)