Security Bulletin
Level: High Risk
24 August 2014
SLC Security Services LLC is recommending that all customers and
clients stop using the Linksys and Belkin "Smart" routers. On 20 August
2014 it was brought to our attention the Linksys (Cisco) and Belkin has
starting pushing firmware to these routers without any permission or
disclosure to our clients. Upon receiving the firmware upgrades it was
noted that the routers then started communicating with Linksys and
recorded the registration email address, MAC address, Public and Private
IP addresses as well as customer specific stats including information
not typically sent to a manufacturer of these devices.
SLC Security Services LLC is advising all clients to replace the
firmware on these devices with either an alternative free firmware or to
stop using the devices immediately. The firmware allows the remote
collection of information on Internet usage to include limited browsing
history, accounts, etc. This information is considered sensitive
information and should not be disclosed to a manufacturer for any
reason. The information may be subject to subpoena or disclosure to law
enforcement or others and it is not known why Linksys is collecting
customer information on such a large scale.
We feel that it would have been better if Linksys gave the clients
the option of managing their routers through the website and through
this firmware but instead of asking if this is a feature a client would
want they pushed the update without notifying clients of the collection
of their personally identifiable information.
No comments:
Post a Comment