Can Your Router Catch A Virus?

Routers are an integral link in your chain of Internet security. A router functions like a small computer running custom software designed for the specific purpose of allowing you to control your Internet and Wi-Fi access. Routers have their own operating systems and sometimes a graphical interface, all of which allow you and your guests or employees to access the Internet from a wide variety of devices.

What you may not know is that routers can be infected by malware and compromised through attack vectors, leading to a variety of problems that can be very different from a regular, run-of-the-mill cyber-attack.

Router Security Problems

You may not understand why there are such significant price differences between seemingly similar routers. When it comes to routers, the differences in quality and security are difficult for the average user to detect. It can also be difficult to test the reliability of your router in various environments, because routers are normally tied to a specific physical location.

Routers need to be updated, but oftentimes router updates have to be downloaded and applied manually, which is a difficult and extremely technical process, especially for those of you reading this who are not particularly tech-savvy.

Routers are an especially easy target for most hackers to attack because they operate on the edge of the network. Because the router sits at a centralized point of your network and connects to every device on it, breaking into a router can give a cyber-attacker access to your entire network. Also, because the router reads all of the data used by each device, if those connections are not encrypted (for example by a VPN service such as SecureVPN), the router can be used by the hacker to inject malware and links.

The most dangerous part of having your router hacked is that, because users do not interact with their router on a regular basis, suspicious behavior can go undetected for much longer. When a router has been compromised there are no warning signs. In fact, the errors that occur when a router might have been compromised, such as slower speeds or more frequently dropped connections, can often be attributed to Internet Service Provider errors or general connectivity problems.

The Problems With Remote Access

Wi-Fi and remote access make your router even easier to attack. It’s a good idea to make sure that your router’s control panel is only accessible to those with physical access to it. The purpose of this is to reduce the attack surface, making it more difficult to attack your router anonymously and remotely. While it may not be possible at work, consider restricting access to wired connections only: without Wi-Fi, the router cannot be controlled without someone having physical access to it, which is way too much work for most hackers and outside of their skillsets.

Past Router Attacks

The most famous mass attack on routers occurred in 2014, when the Moon Worm virus infected a huge number of E-series Linksys routers. The vulnerability was an administration panel that had been left open by default and, combined with poor credential checking, became the way in for a series of malware attacks whose purpose has still not been revealed. Linksys provided a patch while also recommending that users disable remote access on their routers. It is highly unlikely that most users of the E-series routers actually applied the patch, leaving an unknown number of routers still at risk.

Before Moon Worm, there was another series of attacks on Polish banking users. Unlike the Moon Worm attack, these cyber-attackers infected the routers and then pointed the users to a separate DNS server. Once the users were directed to this separate DNS server, they would enter the URLs of their banks and be redirected to phishing sites set up by the hackers.

What If Your Router Is Infected?

If you suspect your router might be infected, the first step is to reset the router manually. This is usually accomplished by using a paper clip or pen cap to push the small inset button on your router for a few seconds until the lights on the router flash to let you know the reset has started.

Resetting your router will bring it back to the factory settings, and you will need to select a new password and reconfigure all of your other router settings. Resetting is just a temporary fix, as the vulnerability that allowed your router to be compromised will still exist and will need to be patched or fixed before you are truly safe from other router-based attacks.

It’s worth doing a Google search for common, well-known security issues in order to see what you can do to prevent a new infection.

Protect Your Router

The best way to protect your router is to select a router that supports free open-source software like DD-WRT or Tomato. You also want to make sure that you buy a router that applies updates automatically, so that you don’t have to go through the cumbersome and unpleasant process of manually updating the software. Buffalo and Linksys are two of the most reliable brands of routers and offer DD-WRT versions. There are even routers configured to run with a VPN service, which provide the highest levels of security possible.

Once you have your new router, change the settings to deny remote access and make sure that the admin panel has a safe and secure password that is at least 8 characters long, with at least 1 symbol and both upper- and lowercase letters.

If you don’t have direct access to or control of your router (for instance, if your internet service provider has given you a modem/router), you will want to protect yourself further by running a VPN to make sure that you are safe from eavesdropping, DNS attacks and malware injections.