REALLY, ANOTHER ROUTER LEAK? HERE'S WHAT YOU NEED TO KNOW.
What’s going on?
So last week the world found out that over 25,000 Linksys routers (most considered home models) were leaking information. According to research done by Tory Mursch (an independent researcher) the routers are providing records of all the devices that have ever been attached to them. This includes names, identifiers and operating systems. With this information, the bad guys can launch targeted attacks on the devices.
Linksys has stated that a properly updated router is not vulnerable, but that claim is under some dispute.
What should my small business do about this?
This only affects Linksys brand routers – so your first step is to see if your router is listed. You can find a list here: https://pastebin.com/raw/ZHgWnu4C.
Even if your router is not listed, keep reading. This is good practice regardless.
If you have one of these routers, or are using a home router for your business, strongly consider upgrading to a device that is more secure and designed to keep your business safe. Preferably something that has built in and constantly updated threat protection. It will cost more, but what it can save you is tremendous.
While you think about upgrading – update your firmware immediately! Linksys is saying that this vulnerability is not present in updated devices. Now, that is being disputed, but it is always a good idea to keep your firmware up to date. Models vary in how this is achieved but generally it goes like this:
Log into your device.
Find the administration section and navigate to it.
Look for a router settings or firmware section.
There will likely be a backup option. Do that and save a copy of the existing configuration to a safe location. This is just in case something goes wrong, and you need to get back to a previous state.
In that same section there is usually a “check for firmware upgrade” button. Click on that and let it do its thing.
Some models require you find the file yourself. Check the manufacturers website for your model’s download page, then download and install the upgrade file. If this is the case, you’ll usually see a “browse” button in the upgrade firmware section that lets you look for and load the file you downloaded.
Additionally, make sure your password is changed from whatever the default was. If you logged in using admin and a password like admin, password, or something similar – you’ve got to change that. Google your router model number and “change default password” to find instructions.
What should I do about this at home?
Pretty much the same thing!
I strongly doubt you would want to spend the money on a business level router/firewall, but other than that, do what we have listed above. Change the default credentials and get your firmware updated. We come across home routers with default settings and old firmware all the time.
Do not think for a minute that the bad guys aren’t out to get you because your business is too small. It doesn’t work that way. They know most small businesses have limited budget funds for IT and security, making your small business (or home) an attractive target.
Of course, if you need help with any of this, and are in the Omaha area – give us a call 402.881.3782 or drop us an email at
firstname.lastname@example.org We’d love to help.