Security researchers from Team Cymru have recently announced the results of a study suggesting that more than 300,000 home routers have been hacked. These compromised devices pose a serious security risk to anyone using that Internet connection.
What happened?
The report found that home routers from four popular vendors – D-Link, Micronet, Tenda and TP-Link – were affected. It also notes that other ‘unnamed vendors’ have been affected by the attack.
The hackers appear to have used some relatively well-known software flaws to gain access to the routers. Once connected they have then changed the DNS server address settings used by the devices connected to the network.
Why does that matter?
The DNS settings in your router are used to ensure you connect to the right website every time. By changing the DNS server address to a machine controlled by the hackers, it is possible to intercept web traffic.
Once in control of your web traffic, the hackers can analyse data being sent and received to steal passwords or other sensitive information. Encrypted traffic isn’t safe either; your web browser could be redirected automatically to a fake website to trick you into entering sensitive account details, or to download malware – like a traditional phishing attack.
You can read more about how DNS hijacking works here.
Are you a victim?
To find out if your router has been compromised by hackers, you will need to check the DNS settings. Every router is different, so you will need to refer to the instruction leaflet it came with.
You will also need to contact your ISP to confirm the correct DNS server address settings. They will be able to talk you through the process of resetting DNS addresses if required too.
This particular hacking has only affected routers running out-of-date software. Router manufacturers regularly release software updates and it is vital that you install these patches as soon as they are released. Some routers can be set to update automatically – again, speak to your ISP about whether this is an option for you. If not, you will have to remember to check for updates regularly.
And don’t forget to ask about resetting the DNS cache on each of your devices too – otherwise they may still be directed to fake websites.
Protecting yourself after a router has been hacked
The fact that a compromised router can be used to trick you into downloading malware is further evidence that you must have reliable antivirus software installed on all your devices. That way you are protected against further cyberattacks or data theft – even if your router has been broken into.
This new attacks shows that no one is safe from determined hackers who are targeting every device attached to your network. To learn more about how to protect yourself, and to prevent potential malware infection download a free trial of Panda Dome Essential today.