Harrison's Blog

Linksys Router Security Vulnerability Discovered: Risk of User Data Exposure

Created: 2024-07-13 14:39

Recently, the Belgian consumer organization Testaankoop discovered a shocking security vulnerability. Two Linksys mesh router models were found to be transmitting Wi-Fi login information to Amazon (AWS) servers without encryption.

Router Models in Question

  • Linksys Velop Pro 6E
  • Linksys Velop Pro 7

Details of the Vulnerability

Testaankoop discovered this issue during routine setup checks. Several data packets were being sent to AWS servers in the US, containing the following sensitive information:

1. The configured SSID name and password (in plain text)
2. Identification tokens for the network within a broader database
3. Access tokens for user sessions

This exposure potentially increases the risk of man-in-the-middle (MITM) attacks.

Risk of Man-in-the-Middle Attacks

In a man-in-the-middle attack, an attacker intercepts communication between two parties, here the Linksys router and the Amazon server, to steal sensitive information. In this case, the attacker could capture the Wi-Fi network name (SSID) and password transmitted in plain text, read or modify them, and potentially gain unauthorized access to the network.

Relevance to Recent Security Incidents

The discovery of this vulnerability is even more alarming in light of the recent MITM attack incident involving KT in South Korea. The fact that KT, a major telecommunications company, attempted a man-in-the-middle attack on its own users has already raised serious concerns among many people. In this context, the discovery of a similar vulnerability in a router from Linksys, a global network equipment manufacturer, is a serious issue that exacerbates user anxiety.

This is more than just a technical flaw. The fact that companies responsible for protecting user privacy and network security are instead jeopardizing that information raises issues of corporate ethics and accountability. This is particularly shocking in the case of large companies like Linksys, which have overlooked such basic security issues.

Linksys' Response

Testaankoop alerted Linksys to this issue in November 2023, but no effective action was taken. Linksys released a firmware update after the initial warning, but it failed to address the concerns raised.

The tested Velop 6E and 7 models were running the latest firmware at the time:

  • Velop 6E: Firmware V 1.0.8 MX6200_1.0.8.215731
  • Velop Pro 7: Firmware 1.0.10.215314

Recommendations for Users

For users who already own these routers, Testaankoop recommends the following action:

  • Change the Wi-Fi network name and password through the web interface instead of the app.

This will prevent the SSID name and password from being transmitted in readable text.
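One way to check this on your own network, as an added example that is not part of the original post or Testaankoop's test method: the script scans a classic pcap capture of the router's outbound traffic for your own SSID and password in readable form. The sample capture, its field names and the credential values are constructed for illustration.

```python
import io
import struct
from urllib.parse import quote

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, microsecond

def iter_pcap_packets(stream):
    """Yield the raw bytes of each record in a classic pcap stream."""
    header = stream.read(24)
    endian = MAGICS.get(header[:4])
    if len(header) < 24 or endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    while True:
        record = stream.read(16)
        if len(record) < 16:
            return
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", record)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            return  # truncated final record
        yield data

def needles(secret):
    """Readable forms to look for: raw UTF-8 and percent-encoded."""
    return {"raw": secret.encode("utf-8"),
            "url-encoded": quote(secret, safe="").encode("ascii")}

def find_readable_secrets(stream, secrets):
    """Return (packet_index, label, form) for each secret seen in readable form."""
    hits = []
    for index, data in enumerate(iter_pcap_packets(stream)):
        for label, secret in secrets.items():
            for form, needle in needles(secret).items():
                if needle in data:
                    hits.append((index, label, form))
                    break  # one hit per secret per packet is enough
    return hits

def build_sample_pcap():
    """Constructed capture: payload bytes only, field names are made up."""
    payloads = [b'{"ssid":"HomeNet","passphrase":"correct horse 42"}',
                bytes(range(200, 256)) * 2,              # opaque, like ciphertext
                b"GET /s?pw=correct%20horse%2042"]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)
    for payload in payloads:
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out

SECRETS = {"ssid": "HomeNet", "passphrase": "correct horse 42"}  # constructed values

if __name__ == "__main__":
    for hit in find_readable_secrets(io.BytesIO(build_sample_pcap()), SECRETS):
        print("packet %d: %s visible (%s)" % hit)
```

A hit means the value crossed the capture point in readable form. No hit is not proof of safety, because this byte search does not reassemble values split across TCP segments and cannot see inside encrypted sessions.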

Conclusion

Testaankoop emphasizes that this issue persists and strongly advises against purchasing the Linksys Velop Pro WiFi 6E and Pro 7. They warn of "serious risks of network intrusion and data loss".

This vulnerability can pose a significant threat not only to individual users but also to small office environments. Linksys has yet to issue an official response.

The recent KT MITM attack and the discovery of this vulnerability in Linksys routers serve as a reminder of the importance of network security. This signifies the need for users to be more vigilant about their digital security.

As security experts, we always recommend that users keep their router firmware up-to-date, use strong passwords, and regularly review their security settings. Furthermore, it's advisable to reconsider using these models until these security issues are resolved. In addition, responsible behavior and swift responses from manufacturers and service providers are more crucial than ever.
