Summarized by durumis AI
- Belgian consumer organization Testaankoop has discovered a serious security vulnerability in the Linksys Velop Pro 6E and 7 models that sends Wi-Fi login credentials unencrypted to Amazon servers.
- This vulnerability increases the risk of man-in-the-middle attacks, where an attacker can intercept communication between the router and server, stealing SSID names and passwords, threatening user privacy and network security.
- Testaankoop informed Linksys about the issue, but it wasn't resolved through a firmware update. Therefore, they do not recommend using these router models and users should be extra cautious with their security, including keeping the router firmware up to date and using strong passwords.
Recently, Testaankoop, a Belgian consumer organization, discovered a shocking security vulnerability. Two Linksys mesh router models are sending Wi-Fi login information to Amazon (AWS) servers unencrypted.
The router models in question
- Linksys Velop Pro 6E
- Linksys Velop Pro 7
Details of the vulnerability
Testaankoop discovered the issue during routine installation checks. Multiple data packets were being sent to AWS servers in the United States, containing sensitive information such as:
1. The configured SSID name and password (unencrypted plain text)
2. Network identification tokens within a large database
3. Access tokens for user sessions
Exposing this information increases the risk of man-in-the-middle (MITM) attacks.
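A way to check payloads captured on your own network for the kind of exposure described above (an added example, not code from Testaankoop or Linksys): it searches each outbound payload for the SSID and passphrase you configured, in plain form and in encodings that need no key to reverse. The host names, secrets and payloads are constructed, and extracting payloads from a packet capture is assumed to happen elsewhere.

```python
import base64
import json
from urllib.parse import quote

def b64_fragments(raw: bytes) -> list[bytes]:
    """Base64 text of `raw` at each of the 3 byte alignments it can have
    inside a larger encoded blob, minus chars shared with neighbouring bytes."""
    out = []
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + raw).rstrip(b"=")
        if (k + len(raw)) % 3:          # final char also holds bits of the next byte
            enc = enc[:-1]
        out.append(enc[(0, 2, 3)[k]:])  # leading chars hold bits of the prefix
    return out

def readable_forms(secret: str) -> dict[str, bytes]:
    """Byte patterns under which a secret is recoverable without any key."""
    raw = secret.encode("utf-8")
    forms = {
        "plain": raw,
        "url-encoded": quote(secret, safe="").encode(),
        "json-escaped": json.dumps(secret)[1:-1].encode(),
        "hex": raw.hex().encode(),
    }
    forms.update({f"base64/offset{k}": f for k, f in enumerate(b64_fragments(raw))})
    # Drop encodings that are byte-identical to the plain form
    return {n: v for n, v in forms.items() if n == "plain" or v != raw}

def find_exposures(payloads, secrets):
    """payloads: list of (destination, bytes); secrets: {label: value}.
    Returns sorted (destination, label, form) for every readable occurrence."""
    hits = set()
    for label, value in secrets.items():
        for form, needle in readable_forms(value).items():
            for dest, data in payloads:
                if needle in (data.lower() if form == "hex" else data):
                    hits.add((dest, label, form))
    return sorted(hits)

# Constructed sample data: placeholder hosts, secrets and payloads
SECRETS = {"ssid": "Home Mesh 5G", "passphrase": 'c0rrect "horse" & staple'}
PAYLOADS = [
    ("cloud-a.example", b'{"ssid":"Home Mesh 5G","key":"c0rrect \\"horse\\" & staple"}'),
    ("cloud-b.example", b"POST /cfg ssid=Home%20Mesh%205G"),
    ("cloud-c.example", base64.b64encode(b"xHome Mesh 5Gyz")),
    ("cloud-d.example", bytes(range(200, 256)) * 4),  # stand-in for ciphertext
]

if __name__ == "__main__":
    for hit in find_exposures(PAYLOADS, SECRETS):
        print(hit)
```

Very short SSIDs or passphrases produce short search patterns and can match unrelated data, so treat a hit as a prompt to inspect that payload by hand.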
The risk of man-in-the-middle attacks
In a man-in-the-middle attack, an attacker sits between two communicating parties and intercepts their traffic; here, those parties are the Linksys router and the Amazon server. In this case, the attacker could capture the Wi-Fi network name (SSID) and password transmitted in plain text. The attacker can then read or modify this critical information, potentially gaining unauthorized access to the network.
Connection to recent security incidents
The discovery of this vulnerability is even more alarming in light of the recent MITM attack incident involving KT in South Korea. The fact that KT, a major telecommunications company, attempted a man-in-the-middle attack against its users has already raised serious concerns for many. The discovery of a similar vulnerability in routers from Linksys, a global network equipment manufacturer, is a serious issue that further increases user anxiety.
This goes beyond a simple technical flaw. It raises questions of corporate ethics and responsibility, as companies that should be safeguarding user privacy and network security are putting that information at risk. It is particularly shocking that a major company like Linksys would overlook such fundamental security issues.
Linksys' response
Testaankoop alerted Linksys about this issue in November 2023, but effective action was not taken. Linksys released a firmware update after the initial warning, but it did not address the concerns raised.
The tested Velop 6E and 7 models were using the latest firmware at the time:
- Velop 6E: Firmware V 1.0.8 MX6200_1.0.8.215731
- Velop Pro 7: Firmware 1.0.10.215314
Recommendations for users
Testaankoop recommends the following steps for users who already own these routers:
1. Change the Wi-Fi network name and password through the web interface instead of the app. This will prevent the SSID name and password from being transmitted as readable text.
Conclusion
Testaankoop emphasizes that this issue persists and strongly advises against purchasing Linksys Velop Pro WiFi 6E and Pro 7. They warn of the "risk of serious network intrusion and data loss."
This vulnerability poses a serious threat to both individual users and small office environments. There is still no official response from Linksys.
The recent KT MITM attack incident and the discovery of this vulnerability in Linksys routers serve as a reminder of the importance of network security: users need to be more vigilant about their digital security.
As security experts, we always recommend that users keep their router firmware up to date, use strong passwords, and regularly review their security settings. Additionally, it is necessary to reconsider using these models until these security issues are resolved. Furthermore, responsible attitudes and swift responses from manufacturers and service providers are more important than ever.