Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
Many of us give little thought to our routers. But if you’re reading this online, you are probably using a router. A router is a device that manages the data – literally routing it– between the internet and any devices in your home that use the internet: your computer, smart phone, and maybe your TV or even your refrigerator (if you have a really fancy one). Unfortunately, unless proper security precautions are taken, your router can put you in danger of being hacked. An unsecured router can lead to identity theft or the spread of malware.
ComputerWorld calls a hacked router “the worst thing that can happen to computer users.” Through a hacked router, criminals can steal your personal information, send you to fake websites, upload malware, or even use your network to attack other networks.
For instance, the FBI recently issued an official warning about foreign hackers using a type of malware called VPNFilter to target the routers of homes and small offices. Once downloaded to a computer, this malware enabled the hacker to steal information, exploit devices, and even block network communications, rendering the routers inoperable. Unfortunately, according to the FBI the VPNFilter malware is difficult to detect and defend against.
Despite these disturbing breaches, most people do not adequately protect their routers from hackers. A study by security company Avast found that about 80% of Americans do not properly secure their routers. If your router is compromised, the security of all of your devices that use the router is in jeopardy.
While consumers should be taking basic steps to protect themselves, they are not the only ones at fault. Manufacturers have also been culpable. In 2017, the Federal Trade Commission filed a complaint against D-Link Corporation alleging it had failed to take reasonable steps to protect the security of its routers and IP cameras, thereby putting its customers in extreme danger of being hacked. Among the flaws exposed by the FTC were hardcoded login credentials in the D-Link software of the username and password “guest” that could provide a hacker with easy access to the webcam’s live feed. The FTC also noted a software flaw called “command injection” that would allow a hacker to take control of the consumer’s router by sending unauthorized commands over the Internet.
How to Secure Your Router
While no system is completely hack-proof, taking a few steps can help make your router and other devices much more secure.
- Always do your homework and research routers before you purchase one to make sure you are getting one that provides proper security. Consider getting a router that provides automatic updating.
- If you do not use a router that automatically updates, download the latest security updates to your router whenever they become available. Check the manufacturer’s website regularly to find the latest security patches and updates.
- Make sure your router is protected by a username and password. Upon installing your router or any internet-connected device, immediately change the default password to a strong, secure one.
- Reboot your router. This can disrupt malware and help identify infected devices. In order to reboot your router, turn it off and wait ten seconds before turning it back on.
- Disable remote management settings on your router. Remote managementis intended to let you manage your router’s settings from a web interface no matter where you are. Unfortunately, it also makes it easier for hackers to do the same thing. The directions for this vary by manufacturer, so check their websites.
- Upgrade to the latest version of your router’s firmware. Unfortunately, unlike many of the computer software programs that can be set up to automatically install the latest security updates, this is not the situation with many routers. You need to look for them and download them yourself. You should check for updates about every 90 days. Here are links with information for updating popular routers:
- For added protection, the FBI recently recommended you reset your router to its original factory settings;unfortunately, this is quite time consuming and will require you to update all security patches for your router and set up your Wi-Fi again so that your devices can reconnect. You should contact your router’s manufacturer for instructions as to how to reset it.
If this seems like a lot of work (and it does to me), you may wish to consider getting a router that does automatically download updates. Among the routers that work automatically to download necessary updates is the highly rated Linksys AC2600. Since 2017, Netgear routers provide automatic updating.
As we connect to the Internet through more and more devices such as smart televisions, thermostats and even children’s toys, it becomes increasingly important to be cognizant of maintaining proper security in all devices.