Shortly after Cisco was shocked to learn that the NSA is allegedly using security holes in its products to spy on people, Cisco had to make the embarrassing admission that there was a big security flaw in four of its routers that could let hackers control them.
Such flaws are called “backdoors.”
To be clear, the hole wasn’t found in Cisco’s big enterprise or service provider routers, the ones that control most of the Internet — and the ones that government spies would be most interested in hacking.
The hole was found in Cisco routers used by small businesses and homes.
But it was still a serious enough problem for the Internet Storm Center to issue a warning. The ISC is an organisation that watches computer security threats to warn businesses about them.
The person who found the hole, Eloi Vanderbeken, discovered it on a Linksys router produced by Cisco before the company sold its Linksys business unit to Belkin (the model was Linksys WAG200G).
Vanderbeken then investigated and discovered the same hole in lots of other routers, even from other vendors. The flaw was found in routers produced by Cisco, Netgear and Linksys (now owned by Belkin). Vanderbeken described the backdoor in a PowerPoint and posted the code to GitHub, along with the list of routers that are affected. That means that hackers now have access to the code. But so do security researchers and the vendors, so they can fix it.
Cisco doesn’t have a fix yet, but is hurrying to produce one, a spokesperson told Business Insider. The spokesperson says that fixing the Linksys router now owned by Belkin would be Belkin’s responsibility.
Meanwhile, Cisco released a security warning about the hole. A spokesperson told us that Cisco is always on the hunt for any security problems in its products and is willing to disclose them. “This is a conversation we want to have, about backdoors,” the spokesperson said.
If you want a deep dive into what the problem is and how it was found, Sean Gallagher at Ars Technica has written a great post describing the technical details.
Meanwhile, if you use a Cisco, Netgear or Linksys router for your small business, make sure your IT professional is aware and can update the router with the fix as soon as it’s available. Here’s the Web page where Cisco will release news of the fix.
We’ve reached out to Belkin for comment and will update when we hear back.