Friday, September 12, 2014

SLC2014-01 Linksys - Belkin Smart Wifi Portal and Security

Security Bulletin
Level: High Risk
24 August 2014

SLC Security Services LLC is recommending that all customers and clients stop using the Linksys and Belkin "Smart" routers. On 20 August 2014 it was brought to our attention that Linksys (Cisco) and Belkin have started pushing firmware to these routers without any permission from or disclosure to our clients. Upon receiving the firmware upgrades, it was noted that the routers then started communicating with Linksys and recorded the registration email address, MAC address, public and private IP addresses, as well as customer-specific stats, including information not typically sent to a manufacturer of these devices.

SLC Security Services LLC is advising all clients either to replace the firmware on these devices with an alternative free firmware or to stop using the devices immediately. The firmware allows the remote collection of information on Internet usage, to include limited browsing history, accounts, etc. This information is considered sensitive and should not be disclosed to a manufacturer for any reason. The information may be subject to subpoena or disclosure to law enforcement or others, and it is not known why Linksys is collecting customer information on such a large scale.

We feel that it would have been better if Linksys had given clients the option of managing their routers through the website and through this firmware. Instead of asking whether this is a feature a client would want, they pushed the update without notifying clients of the collection of their personally identifiable information.
