Skip Links

Asus, Linksys router exploits tell us home networking is the vulnerability story of 2014

Buggy firmware, sloppy design, and careless users mean easy pickings for online hackers.

By Jon L. Jacobi, PC World
February 19, 2014 02:07 PM ET

PC World - If you're using network-attached storage, video surveillance equipment, or remote router management software, beware of dodgy firmware--it's become ground zero for hacker exploits, as recent debacles with Asus and Linksys routers emphatically illustrate. The message is clear: In 2014, vulnerable routers, NAS boxes, and other connected devices are leaving our home networks wide open to attack.

Worst-case scenario? Strangers from anywhere in the world can access your files, slip malware into your network, or use your own security cameras to spy on you--all without ever laying a finger on your hardware.

Some older Linksys E-Series routers and Wireless-N routers and access points are vulnerable to a malware infection--dubbed TheMoon--that leaves a self-replicating worm behind. On Tuesday, Ars Technica reported a story of people finding disturbing letters on USB storage devices attached to their Asus routers, left there by apparently non-malevolent but unquestionably uninvited guests. The letters serve as dire warnings of how insecure their networks are. PCWorld Norway raised a red flag about this weakness nearly two weeks earlier.

+ ALSO ON NETWORK WORLD 12 most powerful security companies +

Using the Shodan search engine, Clas Mehus--an editor at our sister site--discovered a shocking number of routers, NAS boxes, security cameras, and other network devices left wide open due to buggy firmware and/or poorly designed user interfaces. I've replicated Mehus's findings and can report that these vulnerabilities aren't limited to Asus and Linksys hardware.

If you'reA running an Asus router with a USB storage drive attached, download and install the latest firmware from Asus's website (do not simply use the router's web interface to check for a new version, as it might not download the most recent version).

As for Linksys, company spokesperson Karen Sohl told us Linksys is aware of the issue. "Customers who have not enabled the Remote Management Access feature [on these devices] are not susceptible to this specific malware," Sohl wrote in an email. "Customers who have enabled the Remote Management Access feature can prevent further vulnerability to their network by disabling the Remote Management Access feature and rebooting their router to remove the installed malware. Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks."

Asus and Linksys are hardly alone when it comes to security vulnerabilities. Netgear's ReadyNAS product line suffered something similar just a few months ago. Weak industry password-setup practices have made it a virtual certainty that there will always be IP devices unintentionally exposed to the Internet.

How it happens

You might not realize you have an Internet address that's as well-defined as your street address. To see your own public IP address, surf to whatismyip.com. Your address will be displayed in big bold letters and will look something like this: 101.75.75.101. In most cases, this public address leads straight to your router, which as its name implies, routes all data traffic between your networked computers, tablets, smartphones, webcams, and to and from the outside world.

Originally published on www.pcworld.com. Click here to read the original story.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News