Linksys forces password reset for Smart Wi-Fi accounts after router DNS hack pointed users at COVID-19 malware

Router biz Linksys has reset all its customers' Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware. The mass reset took place after all user accounts were locked on 2 April, following infosec firm Bitdefender revealing that malicious persons were pwning …

  1. DreamEater

    Why do companies use multiple domains? Why can’t they stick to one?

    1. Anonymous Coward

      "Why do companies use multiple domains?"

      '...Linksys parent firm Belkin...'

      I think I spotted the error.

  2. Down not across

    Another "Smart" something turning out to be less so

    And this is why you don't allow anything external to configure your network. At least the likes of Ubiquiti (not that they are without their own foibles) offer the choice of running AP controller, NMS, etc. locally if you don't like the idea of using their cloud version.

    1. Anonymous Coward

      Re: Another "Smart" something turning out to be less so

      "Smart" isn't.

      I worked that out quite a while back..

    2. John Brown (no body) Silver badge

      Re: Another "Smart" something turning out to be less so

      Exactly. If you MUST have a phone app to control your WiFi router, why doesn't the app talk to the WiFi onboard web server instead of via some remote "cloudy" server? What happens when Linksys "retire" the service?

  3. Anonymous Coward

    This whole idea of logging into a cloud account

    to get back into your device on your home network is wrong. There's absolutely no security benefit.

    1. Anonymous Coward

      'Why cloud-managed Wi-Fi demand will surge'

      The funny thing is I'm reading this just under another article with such headline...

      1. FlamingDeath Silver badge

        Re: 'Why cloud-managed Wi-Fi demand will surge'

        Clearly it will surge, because there is a headline declaring so

        I think that's how nudge theory and groupthink work in sociology

        People are dumb, just convince them it's what everyone is doing and they'll follow

  4. Pascal Monett Silver badge

    "telling users to download and install an application that offers instructions"

    So there are still people who believe you need to download something to get information and instructions.

    We're in the 3rd millennium. Instructions are a URL away, via HTTP. There is no need to download anything.

    I was going to rant about people's stupidity, but then I realized that, if people didn't get taken in by such obvious ploys, then scammers would be intelligent and I would be at risk of falling for it.

    So my security demands that idiots continue to fall for such obvious ploys.

    1. paulll

      Re: "telling users to download and install an application that offers instructions"

      "We're in the 3rd millennium. Instructions are a URL away, via HTTP. There is no need to download anything."

      Obviously, but here in the 3rd millennium, thanks to data capitalists, we have a Facebook app, a YouTube app, an Instagram app, an app for your TV channel, gawd knows what else these people have on their phones. So it probably doesn't seem remarkable to them, let alone as confusingly stupid as it does to you or me.

  5. William Higinbotham

    Password Reset???

    I logged into Linksys website and my old passwords worked?

    Why did Linksys not ask that we change this one too?

    Some people use the same password on both the router and company website login:-)

    1. Anonymous Coward

      Re: Password Reset???

      "Some people use same password on both the router and company website login:-)"

      In my experience, many users use the same password EVERYWHERE, despite being advised not to do it repeatedly.

      As the saying goes, the irony of the phrase Common Sense, is that it isn't very common. Increasingly less common every day by the looks of it. :-(

  6. Anonymous Coward

    Surprise, surprise!!

    Last year I bought one of these WiFi routers.

    *

    Warning signs: the only EASY way to configure the router was to set up a Linksys "cloud account". It took two days and a lot of research to find out how to configure the device the old-fashioned way: laptop, CAT-5 cable, router....and NO INTERNET ACCESS.

    *

    Once the pain was over I did a factory resent on the router, packed it back in the box, and gave it to the local charity shop. SEP!!

    *

    Why would Linksys (aka Belkin) provide the ability for a user to (re)configure a router from Bondi Beach? When (as this article clearly shows) anyone at Linksys, and any hacker getting into Linksys, can also (re)configure the router? To paraphrase Nike "Just DON'T do it!".

    1. Down not across

      Re: Surprise, surprise!!

      Once the pain was over I did a factory resent on the router, packed it back in the box, and gave it to the local charity shop. SEP!!

      Yes, absolutely correct. I'd resent too.

    2. Anonymous Coward

      @AC - Re: Surprise, surprise!!

      Why would Linksys do this? Easy answer, it's the last mile towards a steady revenue stream. Relax, it will only cost 9.95$/month.

    3. Anonymous Coward

      Re: Surprise, surprise!!

      Oh, yes....this Linksys crap has been going on since (at least) 2014.......six years worth of end users exposed to a nasty heck. Here's the solution....posted six years ago:

      - http://jeramiah.net/2014/01/it-doesnt-matter-what-you-think-setting-up-the-linksys-ea6900/

  7. DenTheMan

    US company

    Trump does not like the fact that none US companies with cannot get peeked by a poke up the number 2.

    It is OK when a US, Linksys include are still our friend.

    Trump's the boss.

  8. randon8154

    Got one Linksys but never used the "smart wifi" nor the OEM firmware.

    If we can blame those features for having security problems or being privacy invaders, Linksys works with OpenWrt and the quality of the hardware is good.

  9. FlamingDeath Silver badge

    I would love to have been a fly-on-the-wall in that meeting

    When they decided that a cloud configurable router was something customers wanted

    I wonder what data they can get their grubby hands on in this environment carte blanche

    Either that, or another route to planned obsolescence, after all, a service needs to be active for this to be viable, I hope it's not a requirement
