Securing your router
YOUR ROUTER NEEDS SOME SECURITY LOVIN’ AS WELL.
Back in May and June, a major new cyber security threat was found. Called VPNFilter, the malware was different from your usual strains of malware, because it didn’t directly infect PCs. Instead, it infected routers.
Over 500,000 routers worldwide were predicted to be affected, and this was one nasty virus. In addition to being able to brick the router it infected, VPNFilter could monitor traffic travelling across the router, extracting passwords and personal and financial information from any unencrypted transmissions. It also actively worked to unencrypt connections by replacing the HTTPS in URL headers with HTTP, which would send you to an unencrypted (HTTP) version of a site rather than the encrypted (HTTPS) version.
Perhaps worst of all, VPNFilter could actually inject malicious code into your web traffic. You could be visiting a perfectly safe website, but it would hijack the code for that site and inject malicious JavaScript into it, potentially providing a way for malware to be delivered to your PCs and other devices on your home network.
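One way to spot the HTTPS stripping and script injection described above is to compare a copy of a page fetched over a connection you trust with the copy that arrived through the router. This is an added example, not part of the original article; `PageFacts`, `compare_pages` and the `shop.example` pages are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

class PageFacts(HTMLParser):
    """Collect URL attributes and a fingerprint of every script on a page."""
    def __init__(self, html):
        super().__init__()
        self.urls, self.scripts, self._buf = set(), set(), None
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for key in ("href", "src", "action"):
            if attrs.get(key):
                self.urls.add(attrs[key].strip())
        if tag == "script":
            if attrs.get("src"):
                self.scripts.add("src:" + attrs["src"].strip())
            self._buf = []  # start collecting any inline script body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:  # fingerprint inline code so it can be compared
                digest = hashlib.sha256(body.encode()).hexdigest()[:16]
                self.scripts.add("inline:" + digest)
            self._buf = None

def compare_pages(trusted_html, received_html):
    """Return (downgraded_urls, unexpected_scripts) for the received copy."""
    trusted, received = PageFacts(trusted_html), PageFacts(received_html)
    downgraded = sorted(
        u for u in trusted.urls
        if u.startswith("https://") and u not in received.urls
        and "http://" + u[len("https://"):] in received.urls)
    return downgraded, sorted(received.scripts - trusted.scripts)

# Constructed sample pages (shop.example is a placeholder domain).
TRUSTED = ('<a href="https://shop.example/login">Sign in</a>'
           '<form action="https://shop.example/pay"></form>'
           '<script src="https://shop.example/app.js"></script>')
RECEIVED = ('<a href="http://shop.example/login">Sign in</a>'
            '<form action="http://shop.example/pay"></form>'
            '<script src="https://shop.example/app.js"></script>'
            '<script>document.title = "injected"</script>')
```

Calling `compare_pages(TRUSTED, RECEIVED)` reports the login link and payment form as downgraded and the extra inline script as unexpected, while the site's own `app.js` is not flagged.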
Now the good news is that VPNFilter — at least the original strain of VPNFilter — was neutered by the FBI. It was a multi-stage virus, meaning that it would start with a ‘bootstrap’ stage, which would reach out across the internet to download the rest of the virus into the router’s memory.
The websites that it reached out to have been shut down by the FBI, meaning that the second and third stages of the virus — which had the dangerous code — can’t initiate anymore. When VPNFilter tries to download the rest of its payload, it can’t find anything. Because the second and third stages only stay in memory, rebooting your router actually fixes most of the VPNFilter problem.
It’s possible, however, that new strains of the virus can appear. It’s not entirely known, at least at time of writing, how so many routers were infected, but if it was done once, it could happen again. So perhaps it’s time to take a good hard look at your router security.
PERFORM A FACTORY RESET
The first thing to do is clear off any existing infections on your router, and you can do that by performing a factory reset. We talked about how VPNFilter was neutered above, and how rebooting your router will get rid of the worst of it. But Stage 1 of the infection actually sticks around between reboots, and the only way to really clear it off is to perform a complete reset.
Before you do anything, you should make a note of your internet connection settings. These will be gone after the reset, and you’re going to want to be able to reconfigure your router to connect to the internet again.
You should also note that your router’s Wi-Fi settings will be reset. That means the router will revert to its default password (or turn Wi-Fi off, if that’s the router’s default setting). If you connect to the router over Wi-Fi, you should look up the router’s default password, or better yet, find an Ethernet cable and plug into it directly. If the router vendor has a mobile app, it’s also a good idea to download it, since that will make reinitialising the router easier.
When you’re ready to reset the router, it’s time to find the reset button. It’s usually a tiny button on the back, recessed to only be pressable with a long pointy thing like a toothpick or paper clip. Once you’ve done that, follow the 30/30/30 rule to perform a hard reset. This means that first (with the router power on), you press and hold the reset button for 30 seconds; then, still holding the button, you turn off the power for 30 seconds; then (again, still holding the button), you turn it back on and wait 30 more seconds. That should return the router to its factory state.
Now you’ll have to go and reinitialise the settings. Using the mobile app, the desktop app that came with the router or the web interface, set your router up again. Enter the internet settings, and set up Wi-Fi again. Make sure that you secure Wi-Fi properly: that means setting it to WPA2 security with a good password (yes, if it’s different from before, you will have to go to all your wireless devices and reconfigure them for the new password). Never leave the default Wi-Fi password enabled.
FOR PITY’S SAKE, CHANGE THE DEFAULT ADMIN PASSWORD
You know how we just said to change the default Wi-Fi password? You should also change the default admin password for the router as well. This is a different thing from your Wi-Fi password — it’s the password you use to log into the router’s admin interface. It’s also how routers most often get infected — hackers just try the default password and it works most of the time because people don’t bother to change it from the default (which is usually ‘admin’). To be fair, the router makers often don’t make it easy to find the administration password settings. Likely, you’ll have to log in and trawl through the web admin tool for your router, or go digging through the mobile app. On Linksys routers, for example, you can find it under ‘Connectivity > Basic’. On ASUS, you’ll find it under ‘Administration > System’. On TP-Link you’ll typically find it under ‘Management > Access Control > Password’, though on newer router models you may have to go to ‘Advanced > System Tools > Administration’. In general, you’ll find it somewhere under Administration or Management.
Give the router a good password, and then use your password manager to save it, so you can forget it. (You’re using a password manager, right? If not, you should be.)
UPDATE THE FIRMWARE
OK, you’ve updated the password. Now it’s time to update the firmware to the latest version. Most of the major router vendors have released new ones since VPNFilter came out.
Most people don’t ever bother to update their router’s firmware — they just use whatever the router came with forever. It’s time to change that habit! Fortunately, some routers have auto updating (usually switched off by default), but on others you’ll just have to occasionally manually update it.
Find the router’s firmware update section in the administration console. It’s usually located under Management or Administration — probably somewhere near the password update section we just accessed.
Most routers now have an online update option, where it will automatically go online and download an updated version for you. If not, you’ll have to go to the vendor’s website manually, find and download the latest version for your router, then use the manual update button. If your router has automatic updates, switch it on.
CHECK REMOTE ADMIN
The final step is to make sure that remote administration is switched off. Remote admin allows people from outside your network (such as internet hackers) to take control of your router if they have the password. If you have it switched on, you’re exponentially more likely to be hacked.
Fortunately, if you went through Step 1, you should be safe. We don’t know many router models that have it switched on by default. But just to be sure, you can check.
You’ll likely find it in your router settings under Administration, Management or Connectivity, often on the same screen as the password setup from Step 2. Make sure that it’s disabled — that way nobody who is not connected to your local network can access the administration console of your router.
With that disabled, and all the other steps done, you should be much, much safer than before.