A router works like a small computer and runs customized software designed for a particular purpose. Routers have operating systems, often a graphical interface, and are usually connected to the internet.
Routers have security problems
Big price differences between routers are often confusing to consumers as, unlike with personal computers, the quality difference is not always obvious. As routers are normally tied to a physical location, it is also rather difficult to test their reliability in different environments, unlike with highly mobile laptops or smartphones.
Routers often do not receive updates, or updates have to be manually downloaded and applied—a cumbersome process that is not an attractive option to many non-tech-savvy users.
Routers are desirable targets for attackers as they sit at a very sensitive spot on a network—right at the edge. They are a centralized point and connected to every single device in the network. Routers read all of the data that each device sends to the internet, and if these connections are unencrypted, the router could easily inject malicious scripts and links.
Unlike with devices that users directly interact with, suspicious behavior in routers might go undetected for much longer. When a router goes rogue, there are no popups or warning signals, and errors such as inconsistent speed or dropped connections might appear indistinguishable from errors on the side of the Internet Service Provider.
Routers with remote access are easy to exploit
As a general rule of thumb, a router’s control panel should only be accessible to those physically nearby it. This reduces the attack surface significantly, making it harder to anonymously and remotely attack the router and nearly impossible to attack a large number of routers at once.
Restricting access to only wired connections is a good step towards greater router security. Without Wi-Fi, router control depends entirely on material access, a security concept we are far more familiar with.
No Wi-Fi means there’s no need to worry about a wireless hack, all you need to do is make sure no one enters the space a router sits in. If the router is at a publicly accessible place, we can easy put a physical lock on it.
Many routers have been hacked in the past
In 2014, the Moon Worm infected a large number of E-Series Linksys routers. An administration panel left open by default, and poor checking credentials, became the gateway for malware whose purpose still remains unknown. A patch was provided by Linksys, but until it was supplied users were advised to disable remote access on their routers. We can only speculate on how many users of these routers regularly read blogs on information security and actually saw the advice.
A few months before Moon Worm, Polish online banking users were targeted with a perfidious attack. Malware infected the routers in a similar way as the Moon Worm, but only made small changes to the software. It pointed the router to separate DNS servers, and when the users would enter the URLs of their banks, they would instead be redirected to phishing sites where their accounts would be compromised. Another similar attack compromised 300,000 routers all around the world.
Also in 2014, hackers managed to take over dozens of routers in Germany and defrauded thousands of euros from each user, when attackers set up virtual VoIP phones and used them to call expensive premium numbers. This was possible because the default setting on the routers allowed remote logins.
What if my router has been infected?
The first step to regaining control is to find the reset button on the back of the router. It is usually a very small button that needs to be pressed for a few seconds with a needle or paper clip. The lights of the router will flash when the reset process has started.
Pressing the reset will revert the router back to the state it was bought in, and you will be asked to select a new password and reconfigure all other settings. Sadly the security hole that allowed your router to be compromised will still exist and likely lead to another compromise soon.
Inform yourself about commonly known security issues with your router by searching for the model number on the web. You might find a clue as to how your router got infected, and what you can do to prevent it happening again.
Protect yourself from rogue routers
Change the settings of your router and make sure that remote access is denied and that the admin panel has a sufficiently long and unique password. Make sure to apply all available firmware updates, ideally by setting your router to download them automatically.
On some routers, especially older and cheap ones, you might find that updates are unavailable and security options dissatisfactory. While a new router should not break the bank, $10USD routers don’t cut it regarding security and privacy. Opt for a router with open-source software and automatically applied updates.
Buffalo and Linksys are, among others, reputable manufacturers of DD-WRT routers. You can also buy ExpressVPN branded routers on Flashrouters, which make it as easy as possible for you to set up ExpressVPN on your router.
Once you have a router capable of running open-source software, you can flash it with the latest operating system yourself, keeping you safer from attacks.
If you do not have control over your router (e.g. if your Internet Service Provider has bundled it with your modem and does not allow you to change it, or if you’re using public Wi-Fi), you can still protect yourself from eavesdropping, corrupt DNS records or injected malware by running a VPN.