What exactly do I need to do to protect my router against the attack the FBI is warning about?
This question was answered on May 29, 2018. Much of the information contained herein may have changed since posting.
The recent warning sent out by the FBI (https://goo.gl/PwcbQm) about hackers compromising hundreds of thousands of routers commonly used in homes and small businesses is an indication of how important this particular threat is to many.
The exploit can silently capture everything you’re doing on your various devices, including stealing usernames and passwords and limit or completely shut down your Internet connection altogether.
The FBI’s reference to ‘small office and home office routers’ generally refers to inexpensive consumer grade routers that typically lack the level of security and management available in expensive business class routers.
Who’s At Risk?
The brands known to be vulnerable include Linksys, Netgear, QNAP, MicroTik and TP-Link but my advice is that everyone with a consumer router should assume that it may be vulnerable and update it anyway. The older your router is, the more likely that it’s vulnerable.
The malware that‘s threatening routers and some QNAP network-attached storage (NAS) devices is known as VPNFilter. It’s particularly pervasive because it can remain even if an infected device is rebooted.
The malware authors also focused on intercepting industrial control system communications that control large-scale systems such as gas pipelines, power transmission and water distribution, which is another reason for the FBI to be concerned.
How It Infects
The most likely methods of infection are possible because most consumer routers are still using the default admin username and password and haven’t patched known security exploits after they were initially setup.
The steps to protect your router from this and many other router specific security threats is pretty straightforward.
Before you perform any of these steps, read them all so you don’t get stuck in the middle of the process without something you’ll need. It’s also critical that you document any of the settings that you’re currently using such as level of encryption, SSID and passwords so you can re-enter them when the reset and update are complete.
If you don’t use the exact same SSID and password when you’re done, you’ll have to reset each device that connects to your Wi-Fi network with the new credentials, which can be a bit of a hassle if you have lots of home automation or IOT devices in your home.
You’ll also need to make sure you have an Ethernet cable to connect your computer directly to your router before you get started.
The first step is to find out the exact model of router you own (usually stamped on the bottom or side) and download the most current firmware from the manufacturer’s support website (If you have a newer router that has the automatic update feature built-in, you can skip this step).
Since there’s no simple way to know if your device is infected, performing a hard reset, which wipes out the malware and all your settings is the next step.
Once your router has restarted and your connected computer is able access it, carefully follow the installation instructions for updating the firmware.
Finally, make sure you change the default username and password for the administrative interface to something only you will know and re-enter all the connection settings you documented prior to resetting.
About the author
Posted by Ken Colburn of Data Doctors on May 29, 2018