[ad_1]
The attack seems to be relatively simple and involves little more than visiting the Internet address of a router exposed and running a list of devices request. It works whether the router firewall is enabled or not, said Mursch Ars Technicaand is unaffected by a Hotfix released by Linksys in 2014.
There are potentially serious consequences. Full login logs could indicate to hackers where there are juicy targets on a given network, such as a phone equipped with outdated software, while stalkers could determine if their victim has visited a given location. The password status, meanwhile, could facilitate the hijacking of devices for the sake of zombie networks and other online crimes.
However, the situation may not be as clear as it seems. Linksys issued a security advisory stating that it "had not been able to replicate" the vulnerability, and suggested that the routers found online by Mursch were using outdated firmware or that their firewalls were disabled. Clearly, there is some disagreement here – and this could be a problem when it is not certain that affected Linksys routers are really safe. For now, it's best to make sure that you are using up-to-date router firmware and that the device firewall remains active.
[ad_2]
Source link