Patches Fix Critical Flaws in Linksys Router
Linksys (a Cisco Systems company) has released a new version of the operating system that powers one of its most popular wireless Internet routers for home users -- the WRT54G. Such routers also act as fairly effective firewalls against incoming attacks. The updated "firmware" fixes five serious security holes that could allow attackers to disable or completely overwrite the security settings on the devices. If you are using this device, it should display "WRT54G" model number on the front of it next to where all the blinking lights are.
The vulnerabilities, discovered by security researchers at Reston, Va.-based iDefense Inc., can be exploited by anyone who has access to a vulnerable network through the wireless connection. (They also can be exploited if the attacker is physically connected to the network, but if the attacker has physical access you probably have bigger things to worry about.)
Enabling encryption on the routers and using other security methods -- such as "MAC filtering" -- can help mitigate successful exploitation of the flaws, but these protections are far from foolproof. (I will talk more about securing wireless routers in a future blog post.) The SANS Internet Storm Center has a link to each of the individual advisories if you care to read up on them.
For now, your safest bet is to upgrade the software on the router. This is relatively easy to do, and Linksys has pretty decent instructions on how to do it here. The actual patch is available here. Just make sure to pay close attention to the instructions, and do not upgrade the firmware over a wireless connection. If you are going to upgrade the software using a laptop, make sure the laptop is physically connected to the router with an ethernet cable.
The comments to this entry are closed.