When you buy a laptop, it doesn’t matter who the maker is — you get updates directly from Microsoft for as long as a decade after the release of the OS, so that all security holes are quickly patched as soon as they are discovered. It isn’t the same for other devices, though. Once you buy an Android phone, the most that you can hope for is one OS upgrade, if that. You don’t get regular security updates every week the way you do with Windows.
There are plenty of other devices that get no OS support once you buy them, as well; the Internet router for your home is a prominent example.
Equipped with a processor, an OS and memory, the average home router has the makings of a proper computer. The fact that routers are connected to the Internet means that they are at risk if they aren’t updated on a regular basis.
With computer OS makers such as Microsoft and Apple working hard to plug security holes as they become apparent, virus writers tend to find routers far more attractive targets — they have nonexistent security, and they are a tunnel into practically every Internet-connected device in the home.
How does a router become a security threat?
If you’ve ever clicked on a Google result for a legitimate website like the New York Times or the Merriam-Webster dictionary, and found yourself on a webpage peddling porn or some sort of shady product, you’ll know that there’s something wrong. If you’re connected to your home Wi-Fi network when this happens, you should begin to suspect the router.
Virus writers manage to hijack routers by writing code to change their DNS settings. DNS, a system that helps translate the web addresses that you click on into actual website IP addresses, can be easily hijacked. With the right kind of malware code, your router can be made to use a shady DNS server that takes you to any website the hacker chooses, no matter what you click on.
Often, hijacked routers are programmed to redirect all banking website requests to counterfeit sites to enable phishing attacks. If you don’t make a habit of checking your browser’s address bar for the https:// that precedes the name of the website, you’ll never know when this happens.
How do you check to see if your router is compromised?
One of the most reliable ways of checking to see if your router has been compromised is to look at its DNS settings. If they have been changed, you’ve probably been hacked (though other explanations are possible). Checking on this setting is easy — all you need to do is to look at the product label on your router for the IP address to type into your browser (it’s a four-part number), and use the username and password provided.
Once you sign in, you should look for the link or tab called WAN, and for the DNS link under it. If it is set to Automatic, it means that you’re fine. If it’s set to Manual, though, that is usually a problem. You should check to see if the DNS is specified as anything other than 0.0.0.0. If it’s anything else, it’s possible that you’ve been hacked. Hitting the Reset button on the page should usually fix the problem, although this may make your router nonfunctional. You may need to call your ISP to have your router reprogrammed.
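A complementary check from the computer's side, as an added example that is not part of the original article: it reads the DNS servers the machine is actually using and flags any that are neither local (the router or a loopback stub) nor on a list you expect. It assumes a Linux or macOS style resolv.conf and that you know your ISP's resolver addresses; the function names, the sample file and the addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: a resolver here is normally the router itself relaying DNS.
LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines, skipping comments and junk."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry: ignore it rather than crash
    return servers


def audit_resolvers(resolv_conf_text, expected):
    """Map each resolver to 'expected', 'local' or 'unexpected'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for ip in parse_nameservers(resolv_conf_text):
        if ip in allowed:
            verdict = "expected"
        elif ip.is_loopback or (ip.version == 4 and any(ip in n for n in LAN_RANGES)):
            # Queries are relayed locally; the upstream still has to be
            # checked on the router's WAN/DNS page.
            verdict = "local"
        else:
            verdict = "unexpected"  # public address nobody configured on purpose
        report[str(ip)] = verdict
    return report


# Constructed sample using documentation addresses, not real resolvers.
SAMPLE = """\
# generated by DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.53   # not in the expected list
nameserver not-an-ip
"""

if __name__ == "__main__":
    # The expected list is an assumption: the resolvers your ISP documents.
    for server, verdict in audit_resolvers(SAMPLE, ["198.51.100.10"]).items():
        print(f"{server}: {verdict}")
```

An "unexpected" entry is a reason to look at the router's DNS page, not proof of compromise; a "local" entry only means the router's own upstream setting still needs checking.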
How do you protect yourself against such attacks?
A few simple steps are all it takes to secure your router.
Check to see if the firmware is the latest version: Many routers are designed to allow firmware updates. This way, they can have their security holes patched. If your router offers such functionality, you should use it. Usually, though, if your router is ISP-supplied, you’ll find that your ISP keeps your router updated.
Turn off remote control: Many routers offer remote access functionality to allow ISPs to remotely make any changes necessary. Intruders can use this functionality to gain access to your router. Going to your router’s setup page to disable remote access can help keep these unwelcome guests out.
Don’t use the default password: Most routers ship with simple default login credentials (admin : admin is common). These simple credentials make it easy for hackers to get in. Changing the password to your router’s access page is an excellent way to protect your router.
Disable UPnP: Your router’s Universal Plug and Play functionality is a particularly vulnerable technology. It is so vulnerable, even router manufacturers ask you to turn it off (see: ciscopress.com/articles/article.asp?p=461084).