Recently, Testaankoop, a Belgian consumer organization, discovered a shocking security vulnerability. Two Linksys mesh router models are sending Wi-Fi login information to Amazon (AWS) servers unencrypted.

The router models in question

• Linksys Velop Pro 6E
• Linksys Velop Pro 7

Details of the vulnerability

Testaankoop discovered the issue during routine installation checks. Multiple data packets were being sent to AWS servers in the United States, containing sensitive information such as:

1. The configured SSID name and password (unencrypted plain text)
2. Network identification tokens within a large database
3. Access tokens for user sessions

This information exposure could potentially increase the risk of man-in-the-middle (MITM) attacks.

The risk of man-in-the-middle attacks

A man-in-the-middle attack is a security breach where an attacker intercepts communications between a Linksys router and an Amazon server, potentially capturing sensitive information. In this case, the attacker could capture the Wi-Fi network name (SSID) and password transmitted in plain text. This allows the attacker to read or modify this critical information, potentially granting unauthorized access to the network.

Connection to recent security incidents

The discovery of this vulnerability is even more alarming in light of the recent MITM attack incident involving KT in South Korea. The fact that KT, a major telecommunications company, attempted a man-in-the-middle attack against its users has already raised serious concerns for many. The discovery of a similar vulnerability in routers from Linksys, a global network equipment manufacturer, is a serious issue that further increases user anxiety.

This goes beyond a simple technical flaw. It raises questions of corporate ethics and responsibility, as companies that should be safeguarding user privacy and network security are putting that information at risk. It is particularly shocking that a major company like Linksys would overlook such fundamental security issues.

Linksys' response

Testaankoop alerted Linksys about this issue in November 2023, but effective action was not taken. Linksys released a firmware update after the initial warning, but it did not address the concerns raised.

The tested Velop 6E and 7 models were using the latest firmware at the time:

• Velop 6E: Firmware V 1.0.8 MX6200_1.0.8.215731
• Velop Pro 7: Firmware 1.0.10.215314

Recommendations for users

Testaankoop recommends the following steps for users who already own these routers:

1. Change the Wi-Fi network name and password through the web interface instead of the app.
2. This will prevent the SSID name and password from being transmitted as readable text.

Conclusion

Testaankoop emphasizes that this issue persists and strongly advises against purchasing Linksys Velop Pro WiFi 6E and Pro 7. They warn of the "risk of serious network intrusion and data loss."

This vulnerability poses a serious threat to both individual users and small office environments. There is still no official response from Linksys.

The recent KT MITM attack incident and the discovery of this vulnerability in Linksys routers serve as a reminder of the importance of network security. This means that users need to be more vigilant about their digital security.

As security experts, we always recommend that users keep their router firmware up to date, use strong passwords, and regularly review their security settings. Additionally, it is necessary to reconsider using these models until these security issues are resolved. Furthermore, responsible attitudes and swift responses from manufacturers and service providers are more important than ever.