Very recently, Linksys came under fire because of an information disclosure vulnerability that seems to affect around 20,000 devices and, since the manufacturer has yet to release a patch for the affected models, the only solution so far is to flash the routers with a custom firmware such as OpenWRT (Project LEDE).
If you want to check how the exploit works, go to the Linksys Smart WiFi login page (open a web browser and enter 192.168.1.1 or linksyssmartwifi.com in the URL bar; you don't have to log into the router), then press F12 to open the Developer Console, select Network from the top menu and type JNAP in the small search box; afterwards, click on the multiple JNAP entries in the left list and select Response on the right to see all the sensitive information about your router and network that is returned without any authentication.
This way, anyone who has access to your network can see everything that's going on in the router (the names of the devices that are and were connected, their MAC addresses, their OS and more), which also makes it much easier for attackers to compromise your home (or office) network.
Note: You can read more about the vulnerability here, along with a full list of the affected devices, and yes, it includes most models from the WRT series as well.
The process of installing OpenWRT on a Linksys router is not that difficult (I used the WRT3200ACM, which is one of the vulnerable routers), and these are the steps that you need to follow:
1. Go to the openwrt.org website, select Downloads from the menu on the left and, underneath the 'Download OpenWrt/LEDE firmware specific for your device' section, click on the Table of Hardware hyperlink; next, identify the Linksys model that you currently have and click on the first link to download the Project LEDE firmware to your computer.
2. After the custom firmware image has been downloaded to your PC, log into the Linksys Smart WiFi interface (go to either 192.168.1.1 or linksyssmartwifi.com) and, after gaining access to the UI, select Connectivity from the main menu (on the left). In the Connectivity window, go to Basic, find the Router Firmware Update section and, in the Manual area, click on Choose File, select the freshly downloaded firmware and click on Start; you'll then be asked whether you want to continue updating the firmware: click Yes.
3. If you were connected to the wireless network of the Linksys router, you will immediately notice that the router no longer has WiFi enabled, so, to gain access to the WRT3200ACM (or any other Linksys router), you'll need to connect the computer to the router with an Ethernet cable (one end to the PC, the other to any LAN port, not the WAN port!). After that, open a web browser and enter 192.168.1.1 in the URL bar: this will take you to the new firmware's interface.
4. Now, the first thing you'll be asked to do is enter the username and password (by default it's root / root); after that, at the top of the page, there will be a yellow bar asking you to set a new password by clicking on 'Go to password configuration'. After doing so, enter a new password and click Save and Apply.
5. In the next step, you'll have to enter the ISP credentials to gain access to the Internet (especially if you have a PPPoE connection); to do so, click on Network in the top menu and select Interfaces. Click on WAN and, under General Setup, click on Protocol, select your connection type and click Switch protocol: now you'll be able to enter the PAP/CHAP (ISP) username and password (the rest should be left on auto). After you're done, click on Save & Apply and wait for the configuration to be applied.
6. Lastly, we want to enable the WiFi: click on Network, select Wireless and you get a full view of your available bands (2.4 or 5GHz). The first one should be the 5GHz AC radio (recognizable by the 802.11nac label), so click on Edit and, unless you want to do a specific type of configuration (such as changing the mode or the Operating Frequency), simply go to the Interface Configuration section, click Enable (to enable the radio) and, under General Setup, change the ESSID to the preferred name for your network; next, click on Wireless Security and, under Encryption, select the preferred encryption type (I used WPA2-PSK), leave Cipher on auto (or, again, select the type you prefer) and enter the WiFi password in the Key field. Lastly, click Save and Apply (tick the small box which should protect you from the KRACK vulnerability) and the new WiFi network should become active.
Afterwards, you need to return to the Network > Wireless page and, on the second radio (with 802.11bgn next to its name), click Edit, enable it from the Wireless Network window, change the ESSID under General Setup and, under Wireless Security, select the Encryption (I used WPA2-PSK) and Cipher (I left it on auto) and enter the new password for the 2.4GHz SSID in the Key field. Click on Save and Apply, tick the small box for the protection against KRACK, and the new WiFi network should become available.
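As an added example (not part of the original article), the following Python script audits an OpenWrt /etc/config/wireless file for the end state that steps 4 to 6 aim at: radio enabled, WPA2-PSK with a key, and the KRACK countermeasure ticked. Both sample configs are constructed; the option names (disabled, encryption psk2, key, wpa_disable_eapol_key_retries) are the standard UCI keys behind the LuCI fields mentioned above, so the same audit can be run on a config copied off the router.

```python
# Added example (not from the article): audit OpenWrt /etc/config/wireless; samples are constructed.
import re

# Constructed sample: state right after flashing (radio off, open default SSID).
WEAK = """
config wifi-device 'radio0'
    option disabled '1'
config wifi-iface 'default_radio0'
    option device 'radio0'
    option ssid 'OpenWrt'
    option encryption 'none'
"""
# Constructed sample: what the article's steps produce (radio on, WPA2-PSK, KRACK option).
HARDENED = """
config wifi-device 'radio0'
    option disabled '0'
config wifi-iface 'default_radio0'
    option device 'radio0'
    option ssid 'MyHomeNet-5G'
    option encryption 'psk2'
    option key 'correct-horse-battery'
    option wpa_disable_eapol_key_retries '1'
"""
SECTION = re.compile(r"^config\s+(\S+)\s*'?([^'\s]*)'?")
OPTION = re.compile(r"^\s*option\s+(\S+)\s+'?([^']*)'?")

def parse_uci(text):
    """Return a list of (section_type, section_name, {option: value}) tuples."""
    sections = []
    for line in text.splitlines():
        if m := SECTION.match(line):
            sections.append((m.group(1), m.group(2), {}))
        elif (m := OPTION.match(line)) and sections:
            sections[-1][2][m.group(1)] = m.group(2)
    return sections

def audit(text):
    """Return findings; an empty list means the config matches the article's settings."""
    sections = parse_uci(text)
    devices = {n: o for k, n, o in sections if k == "wifi-device"}
    findings = []
    for kind, name, opt in sections:
        if kind == "wifi-iface":
            checks = [
                (devices.get(opt.get("device", ""), {}).get("disabled") == "1", "radio is disabled"),
                (opt.get("encryption", "none") != "psk2", "encryption is not psk2 (WPA2-PSK)"),
                (len(opt.get("key", "")) < 8, "key missing or shorter than 8 characters"),
                (opt.get("wpa_disable_eapol_key_retries") != "1", "KRACK countermeasure not set"),
            ]
            findings += [f"{name}: {msg}" for bad, msg in checks if bad]
    return findings
```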
For now, installing OpenWRT (Project LEDE) seems to be the only way to protect ourselves from this exploit (until Linksys comes out with an official patch), and these are the steps you need to take to install the custom firmware. I will try to keep this article updated with any new information that may arise regarding this problematic Linksys issue.