Security researchers and Linksys are warning that multiples models of Linksys Smart Wi-Fi Routers have vulnerabilities that might be exploited to create a botnet. Here’s a list of the affected routers:
A security advisory was issued by Linksys today which includes a workaround for customers until final firmware updates are posted in the coming weeks….. Though I would classify some of what they are recommending as common sense, but here’s the workaround:
- Enable automatic updates: I don’t like to do that as updates sometimes cause issues. Thus I like to wait a day or two to see if anything is reported on the Internet before I update.
- Disable WiFi Guest Network: This is something that I recommend that you do as a matter of course as guest networks can be used as an attack vector.
- Change the default Administrator password: This falls under the category marked “duh” as there is no reason on God’s green earth why you should be using the default administrator password for any device ever.
If you want an idea of what the issue is that is prompting this reaction from Linksys, IOActive who are the researchers who found this issue have a great write up that you can read right here.