On May 25, the FBI issued a clarion call to a broad swath of Wi-Fi router owners: To clear out a potential botnet malware infection, reboot your router.
The malware, VPNFilter, allowed hackers to snoop on all traffic passing through the router, including stealing website log-ins, as well as disable the device. But the reboot was only a temporary fix: Router owners must update their router firmware to fully eliminate the potential infection, a much harder task than simply turning the router off and on.
The VPNFilter malware infected more than 500,000 Wi-Fi routers across 54 countries, according to experts at Cisco Systems’ Talos security research team. They originally saw VPNFilter infections around the world, concentrated in Ukraine, targeting 15 models of routers and network-attached storage devices from Linksys, MikroTik, Netgear, and TP-Link. They later expanded the list to more than 50 devices. (The full list is at the bottom of this story.)
“Foreign cyber actors have compromised hundreds of thousands of home and office routers, and other networked devices worldwide,” the FBI said in a warning posted to the Web site of the Internet Crime Complaint Center. “The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”
While consumers have become familiar with the automatic-update processes for desktop software like Google Chrome, mobile apps such as Facebook, and operating systems such as Android, iOS, Windows, and Mac, updating a router can be a more challenging process.
Presuming that the router maker has issued a firmware update, consumers need to accept automatic updates or update the router manually. When auto-updates fail, as was the case with the VPNFilter-affected Netgear R7000, a manual update means downloading the update, logging in to the router interface, applying the update, and checking that it has been properly applied.
“The fact that routers are insecure is not a new phenomenon, but their importance in networking makes their security a chief concern,” security analyst Joshua Meyer said, following news in March of another botnet that affected 765,000 Wi-Fi routers. Meyer is an analyst at Independent Security Evaluators, which tests the security of computers, Internet-connected devices, and networks.
Sometimes, of course, firmware updates are simply not available. And sometimes properly installed updates simply don’t work as intended.
“Every time you change your firmware, you run this risk,” says Riley Eller, chief technology officer of Seattle-based Unium, a software company that builds advanced Wi-Fi technologies such as mesh networks and was acquired by Nokia in March.
At that point, Eller says, consumers should consider replacing the router. But first they should check for a firmware update.
To check for an update, Eller says, consumers should open their router management software. Alternatively, they can log in directly to the router via a Web browser by typing 192.168.1.1 or 192.168.0.1 into the URL bar while connected to the at-risk Wi-Fi network.
Once logged in to the management software, owners of routers from major manufacturers such as Asus, D-Link, MikroTik, and Netgear are typically notified whether an update is available. They can also go to the router vendor’s management site (often by searching for the make and model of the router) to see if a firmware update is available.
Modern routers have a straightforward update process, which often consists of downloading the update, logging in to the router, navigating to the firmware management page, and uploading the firmware. (Firmware is the software that controls the router.)
Routers more than five years old generally should be replaced with ones that are easier to update.
In the long run, Eller suggests that consumers uncomfortable managing their own router firmware consider using wireless routers supported by their Internet service provider (such as Comcast) so that device failure doesn’t stick consumers with the bill.
“If you’re not comfortable doing your own IT support, the best thing to do is to buy the router that is on the recommended list from the operator,” Eller says. But instead of renting a cable modem, which can cost $10 per month, he cautions, “Buy your own cable modem, which pays for itself in a year.”
List of devices affected by VPNFilter so far:
Other QNAP NAS devices running QTS software