Thousands of Linksys routers leaked detailed device connection records

Jacob Siegal

May 20, 2019 at 2:52 PM

If you were looking for more proof that all of your connected devices were out to get you, look no further than a new report from Bad Packets chief research officer Troy Mursch, who revealed last week that dozens of Linksys Smart Wi-Fi routers are leaking full records of all the devices that have ever connected to them. Some of the information that is possible to dig up by exploited this flaw includes the MAC address, the name of the device, WAN settings, firewall status, and even whether or not the default password for the router has ever been changed.

With the help of the BinaryEdge cybersecurity team, Bad Packets was able to find 25,617 Linksys routers that were leaking sensitive information to the public internet. As Mursch says, exploiting the flaw doesn’t require authentication “and can be exploited by a remote attacker with little technical knowledge.”

If you’re wondering what hackers might do with the information they steal by exploiting this flaw, Mursch explains that a MAC address is a unique identifier for a networked device, and can be used to track a device as it moves between networks. Plus, if there is identifying information in the device name (such as the owner’s full name), a hacker could determine the identity of the device’s owner and geolocate them with a public IP address.

In a strange twist, Linksys released a statement regarding the security flaw, claiming that not only had it been fixed by an update in 2014 (which Mursch specifically says is not the case), but that it was unable to replicate the exploit that Mursch described in his report. Here’s the full statement:

Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network. We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled.

If you have any of the Linksys routers Mursch names in his report, you should first make sure that your firmware is up to date, but you might also consider replacing it with a device that isn’t on the list.

BGR Top Deals:

Trending Right Now:

See the original version of this article on BGR.com

Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s first Indiana Fever game time, channel and more
The WNBA preseason tips off this Friday. Here's how you can catch Caitlin Clark's first game.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Sports
Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets
Despite a trip to the Western Conference finals in his first season with the team, the Lakers are now ready to look for a replacement for Darvin Ham.
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
TechCrunch
Acura’s new all-electric SUV proves the most expensive model isn’t always the best
The first electric vehicle I ever drove was a Tesla Roadster in 2011. It was with great anticipation that I slid behind the wheel of the 2025 Acura ZDX Type S. Sure, it's a midsize SUV, but it wears the Type S moniker, a name reserved only for the most fun-to-drive in the Acura stable. On launch, the ZDX will be available in A-Spec and Type S trims -- both of which come equipped with a 102 kWh battery.
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Sports
Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans
Caitlin Clark fans beware: You never know what the 20-year veteran might say … or do.
Yahoo Life Shopping
Reba McEntire, 69, relies on this wrinkle-smoothing 'holy grail' moisturizer for radiant skin
Her makeup artist swears by it for this clever foundation trick for dewy, glowing coverage.
Yahoo Sports
Wide receiver rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
Tight end rankings for 2024 fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league
From the Braves to the Marlins, here's where all 30 teams stand after the season's first month.
Yahoo News
2nd Boeing whistleblower found dead. Here's a timeline of the company's mounting problems.
This is the second Boeing whistleblower to die in the last two months.
Yahoo Sports
Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46
The Seminoles lost 23-16 to Tennessee in the first-ever BCS title game.
Yahoo Sports
Tiger Woods explains viral Masters tree meme, daughter’s ‘negative’ relationship with golf while promoting ‘Sun Day Red’
Jimmy Fallon asked Tiger Woods all about his incredible handshake with Verne Lundquist at the Masters on Tuesday night.
Yahoo Sports
The expanded 12-team College Football Playoff is here — and it already has problems
There is cause for excitement around the new playoff format. There's also lots of complaints and criticism to go around.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Thousands of Linksys routers leaked detailed device connection records

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s first Indiana Fever game time, channel and more

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets

NFL Draft grades for all 32 teams | Zero Blitz

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

The best RBs for 2024 fantasy football according to our analysts

Acura’s new all-electric SUV proves the most expensive model isn’t always the best

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans

Reba McEntire, 69, relies on this wrinkle-smoothing 'holy grail' moisturizer for radiant skin

Wide receiver rankings for fantasy football 2024

Tight end rankings for 2024 fantasy football 2024

MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league

2nd Boeing whistleblower found dead. Here's a timeline of the company's mounting problems.

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

Tiger Woods explains viral Masters tree meme, daughter’s ‘negative’ relationship with golf while promoting ‘Sun Day Red’

The expanded 12-team College Football Playoff is here — and it already has problems