Linksys Velop Routers Caught Sending WiFi Creds in the Clear
Velop Pro routers by Linksys sent WiFi data unencrypted to a remote server during setup, exposing SSID and encryption key. Linksys failed to address the issue despite warnings, prompting criticism. Users advised to configure routers locally to avoid data exposure.
Read original article
Several models of Velop Pro routers from Linksys were found to be sending WiFi configuration data to a remote server in clear text during the setup process, as reported by the Belgian consumer protection group Testaankoop. The unencrypted packets were sent to an Amazon Web Services server, revealing the user's SSID, encryption key, and other identifying tokens. Despite being notified in November 2023, Linksys has not addressed the issue, even with subsequent firmware updates. Testaankoop strongly advises against using these models and criticizes Linksys for its handling of the situation. Users can avoid the data exposure by using the router's web configuration menus locally. The lack of response from Linksys and the security implications of the routers' behavior have raised concerns among users and experts in the field. The incident highlights the importance of securing sensitive information during network setup processes to prevent unauthorized access and data breaches.
Related
Rabbit data breach: all r1 responses ever given can be downloaded
A data breach at Rabbit Inc. exposed critical API keys for ElevenLabs, Azure, Yelp, and Google Maps, compromising personal information and enabling malicious actions. Rabbit Inc. has not addressed the issue, urging users to unlink Rabbithole connections.
Pwning a Brother labelmaker, for fun and interop
The author explores vulnerabilities in a Brother label maker, discovering outdated software and potential exploits like executing arbitrary code. Challenges arise, including unintentional device configuration issues and limited understanding of printer systems.
Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
Linksys Velop routers, including Velop Pro 6E and 7 models, transmit Wi-Fi login details to Amazon servers in plaintext, risking man-in-the-middle attacks. Linksys has not effectively addressed the issue despite alerts. Testaankoop advises against purchasing affected routers.
MSI warranty claim database was publicly accessible via Google
Gamers Nexus uncovered a breach revealing 600,000+ MSI warranty claims on Google, including personal details. MSI's intranet portal was accessible, prompting concerns about fraud. MSI blocked access but hasn't issued a statement. This incident emphasizes the criticality of data security.
The Rabbit R1 has been logging users' chats – with no way to wipe them
The Rabbit R1 AI assistant device stored chat logs without deletion option. A recent update adds Factory Reset, enhances security, and prevents data access, addressing privacy concerns and a security breach.
3 commentsRelated
Rabbit data breach: all r1 responses ever given can be downloaded
A data breach at Rabbit Inc. exposed critical API keys for ElevenLabs, Azure, Yelp, and Google Maps, compromising personal information and enabling malicious actions. Rabbit Inc. has not addressed the issue, urging users to unlink Rabbithole connections.
Pwning a Brother labelmaker, for fun and interop
The author explores vulnerabilities in a Brother label maker, discovering outdated software and potential exploits like executing arbitrary code. Challenges arise, including unintentional device configuration issues and limited understanding of printer systems.
Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
Linksys Velop routers, including Velop Pro 6E and 7 models, transmit Wi-Fi login details to Amazon servers in plaintext, risking man-in-the-middle attacks. Linksys has not effectively addressed the issue despite alerts. Testaankoop advises against purchasing affected routers.
MSI warranty claim database was publicly accessible via Google
Gamers Nexus uncovered a breach revealing 600,000+ MSI warranty claims on Google, including personal details. MSI's intranet portal was accessible, prompting concerns about fraud. MSI blocked access but hasn't issued a statement. This incident emphasizes the criticality of data security.
The Rabbit R1 has been logging users' chats – with no way to wipe them
The Rabbit R1 AI assistant device stored chat logs without deletion option. A recent update adds Factory Reset, enhances security, and prevents data access, addressing privacy concerns and a security breach.