tsites computer tuition, website design, network security

You probably already know about securing your computer against viruses, unwanted malware, and other underhanded online tactics. But have you considered the vital link that connects you to the rest of the internet - your router?

Pretty much everything with a computer chip can be hacked or modified in some way or another, and your router is no exception.

Thankfully, the process to check your router's integrity is straightforward. Go to f-secure.com, and click on the 'Check your router' button.

What are the risks if your router has been hacked? Don't enter your log-in details for any online service on any device that is connected to a compromised router. These details will most certainly be harvested by a third party and used for future exploits. This means not logging into obvious things such as internet banking, cloud-based services, and online sites where you can make purchases such as eBay or Amazon; and also things as basic as your email. Even if your computer is storing your email password, it is transmitted every time you check for new mail, and a compromised router will gather anything it can. A compromised email account is the start of over 70% of all hacking attempts.

What can you do if your router has been hacked? You've probably read about Fancy Bear and similar groups hacking routers recently. (Magecart #5). The best thing to do is first turn off the router. Then do a factory reset - usually there's a small pin-hole button you can insert a paper-clip into and hold for 5 seconds while the router turns back on. This will reset your router's firmware to its factory default. (You'll of course need to set up your router completely from scratch again). Choose a secure password - OK, there's no such thing, but nothing too obvious. Log in to your router's control panel (enter its IP address, 192.168.x.x, in a browser on a device connected to the network - see your router's manual). Once logged in, if you have the following options, make sure to do the following:

Change your default router login. (username: admin password: admin is no good! - and neither are the defaults printed on the underside of the router)

Change the SSID, or Wi-Fi network name, particularly if the Wi-Fi name mentions the make or model (for example, if the network name contains 'Linksys' then it's a giveaway to a hacker that it's a Linksys device). A double-bluff works well here. Call it 'Airport N basestation' if you don't have one. Don't bother to hide your SSID or Wi-Fi network, as it can still be discovered with a command-line tool in under 5 seconds, so it's a bit of a moot point.

Make sure your Wi-Fi network is using WPA2 at least, preferably with AES encryption. If it's only got WEP as an option then throw your router away now.

Turn on the router's firewall. Make sure you use the 'strict' setting.

Disable WPS and UPnP features. These are meant to make the process of other devices joining the network as simple as possible. Unfortunately WPS and UPnP are laughably hackable and are like a welcome mat to an attacker.

Check for router updates - this is normally done under the router configuration pages, and it's advisable to update your router as often as possible to combat known exploits and zero-day vulnerabilities.

Do you actually need Wi-Fi? Can you get by with a direct Ethernet cable connection to the router? If the answer is yes, then turn off the 'enable wi-fi' option in the router and use only an Ethernet connection, as this is a lot safer. Why advertise you are there at all if you don't need to?

You could consider using a dynamic DNS service if your router supports it. Here's a list of some.

Make sure your router does not have DMZ turned on. This effectively opens the firewall to attack. (I've actually seen this turned on remotely with a compromised router).

If you are replacing your router, don't go for ones that came bundled with your ISP - these are more widespread and as such are a great target for attackers. Go for a high-end router from a brand you can trust. Here's a list of the most secure routers.

Make sure your router is hidden and preferably locked away - many routers have a USB port (for sharing printers, and for backing up configuration or firmware). With a correctly created malicious USB stick, the router can be compromised in the time it takes to reboot. Don't leave the router exposed in a public or untrusted position where anyone can access it. And of course, if someone can get to that reset button, the default code is printed underneath the router. It's a good idea to remove this label as well.

You can also visually map your Wi-Fi network signal. Doing so is time-consuming and is more than a weekend project, but why transmit outside the house if you don't need to? To this end, a simple sheet of lead-lining curved strategically around the router is enough to block the signal in one particular direction. You don't have to go to the lengths in the video - walking around your home/business with the Wi-Fi networks screen open on a smartphone will give you some idea of the range and power of your router. You can then place sheets of radio-wave absorbing material where you want the signal to stop. Again, not a simple project, but one to consider when building any network.

You may think this is paranoid or that you aren't a target. This is true to some extent; however, while your data may not be worth anything to attackers, your connection and its geographic location are: an attacker can use a compromised device as a stepping stone to another target, then effectively wipe the router when done to mask the connection attempt further.
