back to article Flaws found in Linksys routers that could be used to create a botnet

Multiple models of Linksys Smart Wi-Fi Routers have vulnerabilities that might be exploited to create a botnet, security researchers at IOActive warn. The flaws could be abused to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted …

  1. Jay 2
    Unhappy

    Don't hold your breath

    From previous experience, Linksys' pace of firmware releases are slower than glacial and are as frequent as hen's teeth. And when they do it'll be for something really important, like a logo change on an admin webpage.. http://cache-www.belkin.com/support/dl/Linksys%20X3500%201.0.01.006%20Release%20Note.txt

    Mind you, that seems to be par for the course for most manufacturers of 'leccy-using kit nowadays.

    1. asdf Silver badge

      Re: Don't hold your breath

      >From previous experience, Linksys' pace of firmware releases are slower than glacial and are as frequent as hen's teeth.

      You did check to make sure one of LEDE, OpenWRT, Gargoyle, DD-WRT, Tomato, etc. firmware supported the model you bought if for no other reason as a backup plan first before purchasing right? If not and you are IT person like most on this site no sympathy. Yes I understand the manufacturer should be providing something fit for purpose but then the political winds aren't exactly blowing that way these days. Custom roms/firmware are often your only chance of getting security updates much too soon after purchase.

      1. Voland's right hand Silver badge

        Re: Don't hold your breath

        You did check to make sure one of LEDE, OpenWRT, Gargoyle, DD-WRT, Tomato,

        Do not hold your breath ^2. Linksys is the wrong router if you want any of these and has been for a very long time. The proportion of the models that are supported (since the days of the venerable WRT54) is extremely low.

        You are much better off with TP Link or Buffalo.

        1. asdf Silver badge

          Re: Don't hold your breath

          >You are much better off with TP Link or Buffalo.

          Yeah personally not a big fan of Linksys but last I looked they are fairly open source friendly on their higher end consumer routers which they shameless tried to make look like the old WRT54 but failed and are charging a lot more for than the original. See a lot of complaints about wireless problems with TP Link. Have a Buffalo with DDWRT on it I gave to one of the kids to use as a wireless bridge and its the most powerful 2.4ghz in the house lol. Still very hard to beat Cerowrt on venerable old WNDR3800 for gaming performance as long as you can get by with 80211n and have say something like LEDE on your dsl modem so you don't have to expose 3 year old firmware code directly to the internet.

          1. Dan 55 Silver badge

            Re: Don't hold your breath

            Buffalos often have an official ddwrt build, from that you can update to a newer ddwrt build from their website or put openwrt on it.

          2. asdf Silver badge

            Re: Don't hold your breath

            Have tomato on an Asus RT-N53 (was low on money and needed 5ghz bridge several years back) and Gargoyle on old WNDR3700v2 I used as primary in the past but is yet a 3rd wireless bridge now. The only thing I have ever found stock firmware better for is in some cases you can get better sustained wireless throughput but that is rarely important to me and definitely not worth the garbage security that comes with stock firmware.

        2. Anonymous Coward
          Anonymous Coward

          Re: Don't hold your breath

          You are much better off with TP Link or Buffalo.

          Maybe, but I don't typically count how many models of a product range might suit my need and then choose the manufacturer based on that score. I want one single product that has to work well, regardless who built it. ;-)

          I'm happy with the Linksys WRT1900ACS. It's built to work well with OpenWRT (and advertised as such), and hell yes, it does!

          1. asdf Silver badge

            Re: Don't hold your breath

            >I'm happy with the Linksys WRT1900ACS.

            Yep that's one the one. That one is probably the way to go if you want cutting edge and don't mind dropping a couple hundred bucks. Although I would recommend moving to LEDE (OpenWRT fork where almost all the former OpenWRT devs went) instead OpenWRT as OpenWRT hasn't had a patch submitted since early February and is basically dead. Still when it comes to low network latency firmware at least in a consumer router I haven't found anything close to Cerowrt even if its dated (as I say don't use as main firewall to outside world). You can literally have three or four computers at the same time running multiple torrents and you won't notice gaming and won't see your ping to your dns ever go above 50ms (usually won't see it go more than 25% above no load value) if you set the SQM up up right. Supposedly most of its code was folded into OpenWRT and LEDE but neither has replicated what Dave did with Cerowrt fully. But again not the firmware to use if throughput is your goal plus requires using dated hardware now.

            1. asdf Silver badge

              Re: Don't hold your breath

              >You can literally have three or four computers at the same time running multiple torrents

              Forgot to mention you get this without having to do any kind of packet classification. Truly no knobs short of setting the max download and upload values to about 90% of your true WAN maximum.

              Edit: FYI looks like LEDE stable version 17.01.1 just dropped. Nice. For your WRT1900acs the link would be https://downloads.lede-project.org/releases/17.01.1/targets/mvebu/generic/

    2. Dan 55 Silver badge

      Re: Don't hold your breath

      I do like the way the first two build numbers have the same release version and then the next two build numbers are lower than the first two, again with the same release version. Reassuring, that.

  2. Halfmad Silver badge

    Smart eh?

    It's always the smart ones which are dumb.

    1. PTW
      FAIL

      Re: Smart eh?

      Anything with "smart" in the name should be viewed like countries with "Democratic" in their name.

    2. Huey

      Re: Smart eh?

      Yep. A while back the boss decided that he'd have 2 WRT1900AC's set-up in his house so muggins here had to go and set it up - not that I knew what he'd bought before I opened the front door.

      Faffed about for a while trying to get bridging sorted between them so that I could manage to network and maybe even failover between his fibre and backup broadband lines. Spending too long on the set-up as it wasn't as simple as "lets all follow the wizard". Next thing quick check yep they are on openwrt's list so quick firmware wipe and I was up and running glad I did that now even if he is an ex-boss.

  3. John Smith 19 Gold badge
    WTF?

    "Security is a high priority"

    As long as it doesn't cost us any money of course.

    I wonder, when they find these security holes do they keep them on file so they can run a regression test against the next version of the SW to make sure it does not have them?

    Stupid question, of course they should.

    But do they?

    1. fidodogbreath Silver badge

      Re: "Security is a high priority"

      As long as it doesn't cost us any money of course.

      Which is also why their phones are answered by an automated voice attendant, and 'tech support' is provided by chatbots.

  4. Pascal Monett Silver badge

    "11 per cent of the active devices exposed were using default credentials"

    That is a user issue. I doubt there's anything any company can do to thwart that kind of problem - unless the password is by default the serial number of the kit. Don't think that's very easy to set up, but it should be doable - for a certain sum, obviously.

    1. John Smith 19 Gold badge
      Unhappy

      "unless the password is by default the serial number of the kit."

      This is very difficult to do.

      Unless of course you have that as part of your MRP system and a setup script to take that and set it up on the router.

      In which case it's quite simple.

  5. mykingdomforanos

    Your router and firewall is no place for 'consumer-oriented' firmware

    Like others have done above, I installed first OpenWrt and then LEDE (an active and up-to-date fork of the former) on my Linksys WRT1900ACS. Despite the often repeated warnings about the potential for bricking the router, the installation was straightforward and went smoothly. With around 4800 available packages and coupled with a Vigor 130 modem (and AAISP!), it's proving to be a reliable, flexible and hopefully secure setup for our VDSL line. It took me a while to adjust to the pared down functionality of BusyBox, but now I wouldn't return to proprietary, consumer-oriented firmware if you paid me.

    1. Kevin McMurtrie Silver badge

      Re: Your router and firewall is no place for 'consumer-oriented' firmware

      "Small Business" firmware makes consumer firmware look like fine art. You're lucky if it boots and stays running for an hour. It likely has executable file paths embedded in the admin console URLs and little bits of binary garbage leaking out here and there. You suspect that each software update cycle was outsourced to a different lowest bidder, but that still can't explain half the problems.

      1. EnviableOne Silver badge

        Re: Your router and firewall is no place for 'consumer-oriented' firmware

        Aren't all these products the ones brought out while they were owned by Cisco?

        They are also Seriously stable

        Linksys and Netgear boxen work just as well as, if not better than, anything else to provide the modem funtion for xDSL you then put a Business Grade device behind it.

        Plus if id borks, buy a new one, they are like petty cash money...

  6. Captain DaFt

    Rule #1 for a more stress-free life:

    "Linksys Smart Wi-Fi Routers"

    Avoid every product, and I mean every product, with "smart" in its name!

    1. mykingdomforanos

      Re: Rule #1 for a more stress-free life:

      Captain DaFt wrote:

      "Avoid every product, and I mean every product, with "smart" in its name!"

      Heh, indeed, it's the new "Internet Enabled". Or perhaps the new "Now with Ruby support".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020