01.14.19

Is your internet router leaving you vulnerable to malware?

You probably don’t spend a lot of time thinking about your internet router, unless it struggles to deliver reliable Wi-Fi or Ethernet. If it’s working properly, it’s virtually invisible. However, with the rapid rise of the Internet of Things (IoT), these same routers have become the new front lines in network security, emerging as some of the biggest targets for the orchestrators of vast globe-spanning botnets. How did such a mundane group of devices move to the center of cybersecurity concerns?

Why your router could be secretly putting your data at risk

A router is to internet connectivity what a breaker box is to in-home electricity – an intricate interface for controlling how you receive an essential service from the outside world and, as such, a chokepoint for critical interchange. Just as a breaker box can be upended by a circuit becoming overloaded, an internet gateway can be compromised by malware designed specifically to spy on all of the sensitive data it carries to and from your devices, including emails and payment card numbers.

The recent VPNFilter malware reveals the extent of what can go wrong. This threat targeted known exploits in common router models from some of the most prominent vendors in the space, ultimately enlisting at least 500,000 of them into a botnet. The effect was shocking, but not surprising. After all, Symantec, in its 2018 Internet Security Threat Report, identified routers and modems as the biggest sources of IoT-based attacks against its honeypots, accounting for over 45 percent of the total.


There are several reasons routers are so vulnerable to harm:

  • They’re not up-to-date: Many of the routers targeted by VPNFilter were no longer supported by their vendors, meaning they had documented flaws that were not patched. Moreover, even later models often lack the latest firmware because end users receive no notifications that updates are available.
  • They have protocols that enable large-scale attacks: Universal Plug and Play (UPnP) and the Home Network Administration Protocol (HNAP) both expose routers to risk from the internet at large. A 2014 worm called TheMoon took advantage of HNAP, and Linksys had to issue an emergency patch for it.
  • They have too many (unsafe) shortcuts: Wi-Fi Protected Setup allows access to some routers by entering an 8-digit hardcoded PIN instead of the network password. Some routers also have easily guessable default logins that are the same for all models, giving remote attackers easy access.

Minimizing the risk from your internet router

What can you do to stay safe? Start by finding the IP address of your router – it’s usually 192.168.0.1 or 192.168.1.1. Type that into your browser and you should see a screen allowing you to manage the device’s settings.

Apply any firmware updates if they’re available. Then, turn on automatic updates if that’s an option. Disable UPnP, HNAP and cloud-based management if you don’t need them, and ensure that you’ve set up a strong network password to prevent unauthorized access. Set up a guest network so you can limit how many people have your Wi-Fi password saved on their devices. Consider buying a secure commercial router to replace the one your ISP provides or the consumer-grade one you bought at the store, and make sure it has WPA3, the latest in Wi-Fi security.

Finally, add extra defense downstream from your router by implementing a suite like Unlimited Internet Security from Total Defense, which will help shield your data and identity. Learn more by visiting our shop page today.