On May 28, 2018 the FBI issued a public service announcement urging everyone to immediately reboot their routers in an attempt to thwart a Russian malware attack identified as “VPN Filter”. This attack can gain access to connected devices, copy your personal information and even permanently disable your router.
Rebooting removes the second and third stages of a VPN Filter attack, but leaves the initial stage intact. The FBI believes that all of the internet addresses that propagate the next two stages have been identified and blocked. Is rebooting really all that is needed?
Resetting to factory defaults and updating the router firmware are more thorough actions which will usually remove all three stages. The list of affected devices is still growing and too long to list here. I found several lists by searching for “routers affected by VPN Filter”. If your router appears on the list, your product manual (available online if you lost yours) will provide the needed instructions.
While VPN Filter has grabbed the headlines by infecting over 500,000 devices, router malware has been around since 2009. With wireless home networking now omnipresent, the vast number of potential victims attracts plenty of interested hackers. Consumers often consider routers simple plug-in appliances and chronically ignore them as long as they seem to work. Perhaps now is the time to pay attention to the gadget that manages every bit of information that enters or leaves your home. Security advisors have long recommended a few simple but effective router safety precautions:
First, change two crucial passwords (router access and network access) from the widely published factory defaults to strong personal passwords that will discourage hackers seeking an open front door. One survey found that 82% have omitted this task, essentially leaving the front door open to all.
Second, regularly update the internal software that controls router operations – the “firmware” embedded in flash memory. Manufacturers provide software updates throughout the year to address security problems. If your router has the latest updates, you’re far less likely to be infected with malware. Very recent routers can be set to do this automatically, but most will require you to access the internal controls periodically to initiate an update. Instructions vary by manufacturer and model, so consult your owner’s manual or search for the customer support pages for your router. If your router has not had updates available for years, it’s definitely time for a new router!
Third, make sure you are using the strongest encryption protocol your equipment offers. For most, this will be WPA2-AES although WPA3 will be appearing “soon”. Older protocols, such as WEP, are no longer considered adequate.
There are always more steps that can be taken. Turn off the router if your network will be idle for more than a few hours; password-protect your guest network if you have one; and turn off Remote Management and Universal Plug and Play to reduce security risks.
If you’re unfamiliar with computer devices, you can find lots of basic information online. Here’s a place to start: www.makeuseof.com/tag/what-is-a-router/