Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security IT

Linksys Asks Users To Reset Passwords After Hackers Hijacked Home Routers Last Month (zdnet.com) 28

Posted by msmash from the PSA dept.
Router vendor Linksys has locked user accounts on its Smart WiFi cloud service and is asking them to reset passwords after hackers have been observed hijacking accounts and changing router settings to redirect users to malware sites. From a report: Linksys' decision only impacts Smart WiFi accounts. Linksys Smart WiFi is a cloud-based account system that lets device owners connect to Linksys routers (and other equipment) over the internet to manage router settings. Smart WiFi is widely deployed across Linksys' router fleet, making it an ideal target for hackers who may want to hijack routers en-masse. According to a Bitdefender report published last month, this is exactly what's been recently happening. The cyber-security firm said it detected an organized campaign to break into D-Link and Linksys routers and change DNS settings.
This discussion has been archived. No new comments can be posted.

Linksys Asks Users To Reset Passwords After Hackers Hijacked Home Routers Last Month More

Linksys Asks Users To Reset Passwords After Hackers Hijacked Home Routers Last Month

Comments Filter:

  • Or...and Stay With Me Now... (Score:5, Interesting)

    by Voyager529 ( 1363959 ) <voyager529@yahoo. c o m> on Thursday April 16, 2020 @12:35PM (#59955524)

    How about Linksys make those sorts of accounts clearly opt-in, instead of making it really confusing (and in a handful of cases, impossible) to set up a Linksys router without an internet account?

    • Re: (Score:3, Informative)

      by brainstem ( 519778 )
      I was able to set up my WRT3200 without having to create a cloud account. I can even use the app on my phone. It doesn't work outside of my house, but it works totally fine without cloud integration

    • Re: (Score:3)

      by cusco ( 717999 )

      This was introduced when they were eaten by Cisco. Their business-class Layer III switches were actually quite good and very user-friendly, the company that I was at installed several of them at customer sites. Using the web interface and just following the help file I was able to set up DHCP, DNS forwarding, a VPN, firewall, DMZ, and two VLANs in under three hours the first time I set one up. I once asked a Cisco CCN-something how long that should take and he told me most of the day (at their grossly in

    • - download and flash DD-WRT
        - set it up and use it normally
        - zero need for a Linksys account
        - better/faster/more secure router
        - profit!!

      • I prefer FreshTomato, I used ddwrt like 10 years ago but it was a mess, always looked like in alpha state. Switched to Tomato (then FreshTomato) for mostly old routers, and Merlin for asus/r7000 routers.

    • They are opt in... I'm not sure what you are smoking.

  • Smart => device depends on a lot of data stored on cloud server => (hacked | service down device useless | forced upgrade or device bricked | sells all your data)

    Apart from smartphones, the one exception that proves the rule, this moniker should be the kiss of death for any branding. Smart^TM = Dumb.

    • I've always considered anything that sells itself as 'smart' to be lying and trying to trick slow people.

      • Agreed. More disturbing is wht some of these devices do behind the scenes. Let's say you have a decent firewall set up blocking incoming ports. You install your smart thermostat which then punches a hole through the firewall using something like uPNP. Someone then attacks through that port to hit the thermostat and uses it as a relay to ninja into your network. If you have internal firewalls on your important devices, maybe the guy can just see what is on your network and maybe screw with the breached devic

        • Re: (Score:1)

          by Anonymous Coward
          What kind of firewall do you have that permits anything to enable upnp?!?

          • Re: (Score:2)

            by cusco ( 717999 )

            I think he means DDNS.

            Just as an aside, Axis is discontinuing its DDNS service. Does anyone else have a suggestion for a free and stable DDNS provider? I've never bothered with any of the others.

    • I dunno, I think it's pretty dumb for phones to have 6.5" screens. I'm getting ready to abandon smart phones if I can figure out how to work. The choices are essentially a phablet or a device that locks up when trying to run two apps at once.

  • Is the new stupid.

  • Linksys Smart WiFi cloud service (Score:5, Insightful)

    by oldgraybeard ( 2939809 ) on Thursday April 16, 2020 @03:37PM (#59956226)
    is a total pita. Trying to setup your router with out their SMART??(My ass) account creation is hidden and nearly impossible to work out.
    Of all the crap Linksys has pulled, This makes me question a Linksys purchase before I even read the stats.

    Linksys is now on my pass list. If I do not give them info. They can not leak it. I am protecting them from their own incompetence.

    Just my 2 cents ;)

    • They are the absolute worst... Except for all the others.

      No seriously I've yet to find someone produce a smart remotely manageable router which isn't a huge PITA to setup.

  • the old classic wrt54gl runs Linux natively and dd-wrt works good on it

    i also bought a wrt1900acs (version 2) that also has a linux firmware and linksys interface really sucks, its usable but it sucks, and dd-wrt does not work good on it, it will install but it dont work good, hopefully the ddwrt people will build a good firmware for it,

    i dont like openwrt, its interface is cumbersome for a casual user
  • Open brand new router box, connect router to laptop/desktop that is not connected to internet. Install ddWRT or OpenWRT. Problem solved.

  • The cyber-security firm said it detected an organized campaign to break into D-Link and Linksys routers and change DNS settings.

    Nothing new. My router (a SomeBrand) 'resets itself' occasionally and changes its primary DNS address to an IP addy in Dubai. I just change it back to what I want and run an OpenBSD/pf firewall downstream, which pisses off my service's tech people to no end.

  • Have Verizon FiOS and use their router. Disabled DHCP and use a raspberry pi for pi-hole to be dhcp and dns server on network. Havenâ(TM)t used a third party router in the last couple of years. Why bother? Any value created with one if you donâ(TM)t have a static IP address you can pass through to it? Seems like all you do is add double NAT.

    • Had them switch my ONT from coax to ethernet. I bought a NUC and put pfSense on it. Single NAT, no third-party garbage. I do need to be smarter than the FIOS folks at times when there are issues, to prove to them its not my router (like when I ordered more bandwidth and only got more bandwidth in the upload direction).

      • Sounds like more frustration than anything. If I had need for a static IP or wanted to route all my traffic over a vpn to mask activity from the isp then I guess Iâ(TM)d do it.

Slashdot Top Deals

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Close