How To Reboot Your Router, Comply With The FBI's Request, And Protect Yourself
MAY 29, 2018 @ 08:01 AM
Anthony Karcz, CONTRIBUTOR
Last week, Talos Intelligence released a detailed report on a new breed of malware (VPNFilter) that targets network routers directly, instead of the devices hooked up to them. It's concerning because routers usually don't have malware intrusion countermeasures.
In a quick bit of government intervention, the DOJ, in cooperation with the FBI, seized control of the domain the Sofacy Group was using for the botnet. This is good news for infected parties, since the malware won't be able to reestablish itself after communication has been interrupted. But for that to happen, you need to reboot your routers. The FBI and Department of Homeland Security have both issued statements requesting as much.
Do I Have to Reboot?
Maybe not, but it's a simple process that shouldn't take much of your time. However, if your router model is on the list of targeted devices, you should at least reboot your device immediately, possibly more (but we'll get to that).
So which unlucky devices did Talos find were targeted? Here's the list.
Linksys: E1200, E2500, and WRVS4400N
Mikrotik: 1016, 1036, and 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, and WNR2000
QNAP: TS251 and TS439 Pro
TP-LINK: R600VPN
If your network employs any of the devices listed above, keep reading. If you have a device from any of the above brands, you should probably keep reading too, as it's likely your device also has the exploited vulnerability and could be at risk.
Don't have one of the above devices? You're OK, but it doesn't hurt anything to perform the following steps just to make sure you're safe.
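One way to apply the three-way guidance above to a list of devices you own, as an added example (not code from the article or from Talos). The inventory strings and the `triage` helper are made up for illustration, and matching is by substring, so close variants of a listed model are flagged too.

```python
import re

# Targeted models exactly as listed in the article.
TARGETED = {
    "Linksys": ["E1200", "E2500", "WRVS4400N"],
    "Mikrotik": ["1016", "1036", "1072"],
    "Netgear": ["DGN2200", "R6400", "R7000", "R8000", "WNR1000", "WNR2000"],
    "QNAP": ["TS251", "TS439 Pro"],
    "TP-LINK": ["R600VPN"],
}

# Advice per tier, paraphrasing the article's guidance.
ACTIONS = {
    "listed": "reboot now, then update firmware and change any default login",
    "same-brand": "likely exposed too: reboot and update firmware",
    "not-listed": "not on the list; rebooting still does no harm",
}

def _norm(text):
    """Uppercase and drop punctuation/spaces so 'TS-251+' matches 'TS251'."""
    return re.sub(r"[^A-Z0-9]", "", text.upper())

def triage(device):
    """Return (tier, matched_model) for one free-form inventory string."""
    flat = _norm(device)
    for brand, models in TARGETED.items():
        if _norm(brand) not in flat:
            continue
        rest = flat.replace(_norm(brand), "", 1)
        # Substring match is deliberately conservative: a variant such as
        # 'R7000P' is reported as listed rather than silently skipped.
        for model in sorted(models, key=len, reverse=True):
            if _norm(model) in rest:
                return "listed", f"{brand} {model}"
        return "same-brand", None
    return "not-listed", None

if __name__ == "__main__":
    # Constructed sample inventory, as labels might appear on a device sticker.
    inventory = ["NETGEAR Nighthawk R7000", "QNAP TS-251+",
                 "MikroTik CCR1036-8G-2S+", "Netgear Orbi RBK50", "Google WiFi"]
    for device in inventory:
        tier, match = triage(device)
        print(f"{device:26} {tier:11} {ACTIONS[tier]}")
```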
The Easy Way
For all of you that are rolling your eyes just thinking about having to do network maintenance, I've got good news. There's a simple, low-tech way to reboot your router.
Unplug it.
Seriously, that's all you have to do. Unplug the router. Wait a full 60 seconds for the device to reset itself. Plug it back in.
Go about your business knowing you've made your network safer and complied with the FBI's request (how good you feel about that may vary).
The Better Way
While it might be simplest to reboot your router with a quick unplug, it's not the best way to ensure your network is secure.
If your device has an associated app (like the Google WiFi app), the best course of action is to go to the device settings for your network. From there, you can select the Reboot option.
Before you do that, though, check to see if your router's firmware is up to date. If the option is available, have the app check and see if there are any updates that have to be applied. Updating the firmware requires an automatic reboot anyway, so you'll be making sure your device is properly protected and more secure in the future.
If you're not sure if your firmware is up to date, or your app doesn't have the option, check the manufacturer's website and follow any steps listed there to update your device.
Oh, and if you're still using the default username and password for your router, change those while you're updating the device. Default router logins for nearly every major brand can be found with a quick Google search. Leaving them in place would be akin to changing the locks on your house, then leaving the front door open.
Protecting Against Future Attacks
Other than keeping your firmware up to date, there's not a lot more you can do to protect yourself. One interesting thing to note, however, is that consumer mesh networks like [Google WiFi](http://www.forbes.com/sites/anthonykarcz/2018/05/16/google-wifi-update-tests-all-your-network-devices-at-once/) or AmpliFi were not on the list of vulnerable devices.
It could be these devices automatically update themselves, so vulnerabilities are harder for hackers to find and exploit. Or maybe they just weren't targeted this time around. Either way, if this incident has made you a little suspicious of your current networking hardware, you might want to think about upgrading. Consider a system with a monitoring app, one that automatically applies firmware updates.
FORBES.COM