The Threat of Router Malware and How to Protect Yourself
The Router Threat
When people hear about viruses and malware, their first thought is always their laptop and desktop computers. But most people don’t even think about their networking devices being susceptible to malicious code and malware. The unfortunate truth is that your wireless router can also become infected with malware just like your personal computing devices.
This is extremely problematic – more so perhaps than getting malware on your computer. In almost every home environment a wireless router acts as the single point of entry and exit for data communications, meaning that all data from the local network has to pass through your router. As such, a router that has been infected with malware has the ability to affect every computer that connects to your Wi-Fi as opposed to malware on a personal computing device that would only affect one host.
Thats Not All
But it gets worse. Most modern operating systems have built in security features and ways to alert users that their computer has been infected with malware. Scanning utilities, anti-malware software, and native features are all simple for end users to take advantage of and they do a tremendous job of identifying, quarantining, and removing the malware. But have you ever used a utility to scan your router for malware? Not likely. People tend to take their wireless routers for granted and are never in the forefront of their minds. Malicious malware could be lurking on your wireless router without your knowledge, causing all sorts of digital chaos that destroys your privacy and Internet security.
To be completely honest, it is far more common and likely that your computer will fall victim to malware as opposed to your router because Internet attackers have written more malicious programs to target these devices. Furthermore, some operating systems like Windows are far easier to break into or trick users into clicking on a bad link that will download and install the malware. Infected torrents have been frequently used as a distribution system to propagate viruses and malware, and there are numerous ways that attackers infect computers. Though the risk of an infected router is smaller than the risk of getting malware on your computer, it is still a staunch threat.
In fact, last year router malware named ‘TheMoon’ was discovered and had been found to target Linksys devices. Since the malware was discovered, Linksys have already patched their code and dealt with the issue accordingly, but there are still many other threats from viruses and malware that target security flaws in other routers. Fortunately, there are measures you can take to protect yourself against these threats. The good news is that there are a few things you can do to make certain that you are protecting yourself from dangerous malware threats.
How to Protect Yourself
First of all, if an update already exists for your version of firmware that patches the security flaw, you can (and should) update it as soon as possible. There are also various configuration settings you can utilize to enhance your security. For example, most routers have some type of setting that determines whether or not it can be configured remotely. The default setting is usually set to “0.0.0.0,” which indicates that all IP addresses are valid for remote configuration. This is extremely insecure, so you would want to change this setting to 1 specific IP address or your local subnet address. Remember that if you choose to set it to 1 specific IP address, you will need to either turn off DHCP or assign a static IP address to the computer you want to configure your router from.
Furthermore, you should always change the default SSID (wireless network name) of your wireless router. The problem is that some router manufacturers choose to include the router model’s description in the default SSID. This information could be used by an attacker to see if your particular model has any security vulnerabilities. You should also know that you will need to change the default username and password to your router. I have seen people leave this setting at its default value countless times. The problem is that by leaving the username and password at the default values, anyone and everyone can access the configuration page on your router. All they need to do is perform a quick Google search to find your particular router model’s defaults, and then login to wreak havoc on your local network. Not only do you need to change the default administration password, but you need to make it a strong password that isn’t easy to crack or guess. Don’t make the password your birthday or other simple pieces of information, and make sure your wireless password is strong as well.
However, if it has been discovered that your model of router and firmware version are susceptible to an attack and your manufacturer hasn’t released a firmware update to solve the problem, you always have the option of flashing your router and upgrading the firmware to DD-WRT or other types of code. No code will ever be 100% flawless, but upgrading your firmware to a version that is known to be secure will drastically reduce your chance of being attacked. Also, the steps to upgrade your router to DD-WRT are so easy that you don’t need to be the most tech-savvy person to complete the operation. The only skills you need are the ability to follow instructions from a simple list. Then, if your router manufacturer releases an update and you want to install the updated firmware that contains the bug fix, you can easily revert the DD-WRT installation.
And as always, don’t neglect a VPN and if you’re looking some of the best check out our article here, or a slightly cheaper option here.