Con Watch: Why a Hacked Router Is “The Worst Thing That Can Happen to Computer Users”

Through a hacked router, criminals can steal your personal information, send you to fake websites, upload malware, or even use your network to attack other networks.

Router with all its lights on, indicating a working connection to the internet.
(Shutterstock)

Weekly Newsletter

The best of The Saturday Evening Post in your inbox!

SUPPORT THE POST

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Many of us give little thought to our routers. But if you’re reading this online, you are probably using a router. A router is a device that manages the data – literally routing it– between the internet and any devices in your home that use the internet: your computer, smart phone, and maybe your TV or even your refrigerator (if you have a really fancy one). Unfortunately, unless proper security precautions are taken, your router can put you in danger of being hacked. An unsecured router can lead to identity theft or the spread of malware.

ComputerWorld calls a hacked router “the worst thing that can happen to computer users.” Through a hacked router, criminals can steal your personal information, send you to fake websites, upload malware, or even use your network to attack other networks.

For instance, the FBI recently issued an official warning about foreign hackers using a type of malware called VPNFilter to target the routers of homes and small offices. Once downloaded to a computer, this malware enabled the hacker to steal information, exploit devices, and even block network communications, rendering the routers inoperable. Unfortunately, according to the FBI the VPNFilter malware is difficult to detect and defend against.

Despite these disturbing breaches, most people do not adequately protect their routers from hackers. A study by security company Avast found that about 80% of Americans do not properly secure their routers. If your router is compromised, the security of all of your devices that use the router is in jeopardy.

While consumers should be taking basic steps to protect themselves, they are not the only ones at fault. Manufacturers have also been culpable. In 2017, the Federal Trade Commission filed a complaint against D-Link Corporation alleging it had failed to take reasonable steps to protect the security of its routers and IP cameras, thereby putting its customers in extreme danger of being hacked. Among the flaws exposed by the FTC were hardcoded login credentials in the D-Link software of the username and password “guest” that could provide a hacker with easy access to the webcam’s live feed. The FTC also noted a software flaw called “command injection” that would allow a hacker to take control of the consumer’s router by sending unauthorized commands over the Internet.

How to Secure Your Router

While no system is completely hack-proof, taking a few steps can help make your router and other devices much more secure.

  • Always do your homework and research routers before you purchase one to make sure you are getting one that provides proper security. Consider getting a router that provides automatic updating.
  • If you do not use a router that automatically updates, download the latest security updates to your router whenever they become available. Check the manufacturer’s website regularly to find the latest security patches and updates.
  • Make sure your router is protected by a username and password. Upon installing your router or any internet-connected device, immediately change the default password to a strong, secure one.
  • Reboot your router. This can disrupt malware and help identify infected devices. In order to reboot your router, turn it off and wait ten seconds before turning it back on.
  • Disable remote management settings on your router. Remote managementis intended to let you manage your router’s settings from a web interface no matter where you are. Unfortunately, it also makes it easier for hackers to do the same thing. The directions for this vary by manufacturer, so check their websites.
  • Upgrade to the latest version of your router’s firmware. Unfortunately, unlike many of the computer software programs that can be set up to automatically install the latest security updates, this is not the situation with many routers. You need to look for them and download them yourself. You should check for updates about every 90 days. Here are links with information for updating popular routers:
  • For added protection, the FBI recently recommended you reset your router to its original factory settings;unfortunately, this is quite time consuming and will require you to update all security patches for your router and set up your Wi-Fi again so that your devices can reconnect. You should contact your router’s manufacturer for instructions as to how to reset it.

If this seems like a lot of work (and it does to me), you may wish to consider getting a router that does automatically download updates. Among the routers that work automatically to download necessary updates is the highly rated Linksys AC2600. Since 2017, Netgear routers provide automatic updating.

As we connect to the Internet through more and more devices such as smart televisions, thermostats and even children’s toys, it becomes increasingly important to be cognizant of maintaining proper security in all devices.

Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now

Comments

  1. Same thing happening to me. Router has been hacked. Not allowed an internet connection. Certain phone numbers and messages are rerouted cutting me off from family and friends. Monitoring private conversations. Can’t research my problem because my searches are denied or rerouted. It’s very horrible.

  2. Now tell us what to do after it happens. Nothing you wrote mentioned anything about them takeing over your router. The now control it. And even Comcast says that I don not have a account.

  3. This is maybe why I can’t get into my Facebook or Snapchat no matter what I do it just keeps going to the login page after my credentials are entered .

  4. My router is hacked right now and doesn’t allow any internet use. It doesn’t say anywhere that buying a new one effectively solves the problem. There’s plenty of advice on how to reboot a router but I can’t even get it to reboot despite everything I’ve researched this week. I had the same problem with a local technician and a linksky router technician, they’ve never heard of this problem. Why is that? It’s their job right?

  5. I had my router hacked over 3-years ago, by someone I know. Since then, I have purchased three completely new sets of devices (computers, routers, modems, printers, iPads and smart phones). It has cost me thousands of dollars and I am disabled, so Disability is not enough, and the danger to me, of being totally cut-off from the outside world, is huge (I’ve already had 2 strokes while I was alone, and was unable to call an ambulance, because the hackers installed listening apps to my devices, and froze my key-pad so I couldn’t call anyone).
    I have found that calling manufacturers or seeking advice from “Network Experts”, is useless because they have never heard of router hacking before!
    Where to next?
    *The email given below will not reach me, I have no access to the Internet and am borrowing a friend’s phone. I only have a land line, also connected to my latest router, which is now owned by the hackers: (781) 538-4467.
    This is not a duplicate

  6. Thank you for this. It’s very frustrating and scary that people are doing this. I need to share an example that’s been happening to me. I’m watching ABC news all the sudden the news anchor says a cuss words or says something you know she would say and my tv gets fuzzy. It’s like someone’s blackmailing certian people through the tv.

Reply

Your email address will not be published. Required fields are marked *