Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
Linksys Velop routers, including Velop Pro 6E and 7 models, transmit Wi-Fi login details to Amazon servers in plaintext, risking man-in-the-middle attacks. Linksys has not effectively addressed the issue despite alerts. Testaankoop advises against purchasing affected routers.
Testaankoop, the Belgian equivalent of the Consumers' Association, has found that Linksys Velop routers, specifically the Velop Pro 6E and Velop Pro 7 models, send Wi-Fi login details in plaintext to Amazon servers in the US. The transmitted data includes the SSID name, the password, identification tokens, and access tokens, potentially exposing users to man-in-the-middle attacks. Linksys was alerted in November but has not effectively addressed the issue; a firmware update failed to resolve the problem. Testaankoop suspects that third-party software in the firmware may be the root cause, but emphasizes that this does not excuse the vulnerability. Users are advised to change their Wi-Fi network name and password through the web interface to prevent plaintext transmission. Because the flaw persists in the latest Linksys 7 Pro models, Testaankoop strongly advises against purchasing these routers, citing the risk of network intrusion and data loss. Despite attempts to contact Linksys, Testaankoop has received no acknowledgment or solution.
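An added example, not from the article or from Testaankoop's test: one way an owner could check payloads captured from their own router's outbound traffic for their Wi-Fi credentials in any trivially reversible encoding. The credentials, payloads and function names are constructed assumptions, since the page does not document the actual request format.

```python
import base64
import json
from urllib.parse import quote, quote_plus

# Constructed values; substitute your own network's SSID and passphrase.
SECRETS = {"ssid": "Home Net 5G", "passphrase": "c0rrect horse&battery"}

def encodings(secret):
    """Byte forms from which the secret is trivially recoverable."""
    raw = secret.encode("utf-8")
    return {
        "raw": raw,
        "url": quote(secret, safe="").encode(),
        "form": quote_plus(secret).encode(),
        "json": json.dumps(secret)[1:-1].encode(),
        "base64": base64.b64encode(raw),  # matches a field encoded on its own
        "hex": raw.hex().encode(),
    }

def scan_payload(payload, secrets):
    """Return (secret name, encoding) for each secret visible in payload."""
    hits = []
    for name, value in secrets.items():
        seen = set()
        for label, needle in encodings(value).items():
            if needle in seen:
                continue  # same bytes as an earlier encoding, report once
            seen.add(needle)
            if needle in payload:
                hits.append((name, label))
    return hits

# Constructed payloads: the page does not document the real request format.
SAMPLES = {
    "json_body": b'{"ssid":"Home Net 5G","psk":"c0rrect horse&battery"}',
    "form_body": b"ssid=Home+Net+5G&psk=c0rrect+horse%26battery",
    "b64_field": b'{"k":"' + base64.b64encode(b"c0rrect horse&battery") + b'"}',
    # TLS application-data record: ciphertext only, nothing to match.
    "tls_record": b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0)),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, scan_payload(payload, SECRETS))
```

An empty result on TLS-protected traffic only shows that an on-path observer cannot read the credentials; it does not show whether they leave the device inside the encrypted session.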
Related
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
Rabbit data breach: all r1 responses ever given can be downloaded
A data breach at Rabbit Inc. exposed critical API keys for ElevenLabs, Azure, Yelp, and Google Maps, compromising personal information and enabling malicious actions. Rabbit Inc. has not addressed the issue, urging users to unlink Rabbithole connections.
Hacking Amazon's Eero 6 (part 1)
The blog post discusses hacking Amazon's eero 6 Wi-Fi device by disassembling it, identifying pins, and using tools like OpenOCD and Adafruit FT232H for communication. Detailed steps and insights are provided.
AirPods fast connect security vulnerability
A security flaw (CVE-2024-27867) in Apple AirPods firmware allows unauthorized access via Bluetooth MAC address. Firmware updates released for affected models. Users with non-Apple devices may encounter difficulties updating.
Pwning a Brother labelmaker, for fun and interop
The author explores vulnerabilities in a Brother label maker, discovering outdated software and potential exploits like executing arbitrary code. Challenges arise, including unintentional device configuration issues and limited understanding of printer systems.
I would not expect my password to be sent to the server in the first place.
:-/
But who else do we go to? Every company is doing this. Maybe they just cannot survive without it. It’s probably why we need regulation here (consequences for security breaches, limitations on terms of service abuse, etc).
It’s pretty normal for passwords to be “plaintext” inside an HTTPS request. That’s how practically every login to a web app works. If it’s not HTTPS, there’s a whole slew of other issues along with putting a plaintext password in the request.
If it is HTTPS, then the issue really is just that the password gets sent anywhere rather than staying local. This is a lot more debatable as a practice, but unfortunately is also common for a lot of routers to support their cloud/app management functionalities.
November? November?! OK, sure, there are a lot of holidays around then. But I would have expected public disclosure on something like this by end of January at the latest, unless the vendor is actively working / communicating about it.
It's not just the developer who wrote said code, as well as the backend developers who receive these outputs, but further, the organization did not have any kind of test/check and balance/security mechanism in place.
It's terrible given the router, especially in a world of IoT, may be the device on your network that should be the most secure.
Finally, now that it's public how bad the organization at Linksys is, it is trivial for a criminal to pay an employee to purposefully include backdoors.
The consumer router scene needs a security focused disruption.
Some things can apparently only be bought with your own time, when it comes to "but you had to spend cumulative 3 days setting up your custom thing, so it didn't really cost $100" equation that people will throw at you if you tell them that you have built something yourself from relatively cheap components.
I suspect that someone has some debugging flags that do this, and accidentally shipped with the flags set the wrong way.
What third-party software does Linksys use on that router?
I wonder why they didn’t provide any disassembly/decompiler output, or other information on the offending binary.
It’s not clear to me that the router sends the password rather than the app on your phone.
It was over SSL, but still.
I am sick of reading about these embarrassing security holes in Cisco/Juniper/etc. The internet is an adversarial place. Stop cowboy coding.