FBI’s router reboot call reminds us why to check for updates
On May 25, the FBI issued a clarion call to a broad swath of Wi-Fi router owners: To clear out a potential botnet malware infection, reboot your router.
The malware, VPNFilter, allowed hackers to snoop on all traffic passing through the router, including stealing website log-ins, as well as to disable the device. But the reboot was only a temporary fix: Router owners must update their router firmware to fully eliminate the potential infection, a much harder task than simply turning the router off and on.
The VPNFilter malware infected more than 500,000 Wi-Fi routers across 54 countries, according to experts at Cisco Systems’ Talos security research team. They originally saw VPNFilter infections around the world, concentrated in Ukraine, targeting 15 models of routers and network-attached storage devices from Linksys, MikroTik, Netgear, and TP-Link. They later expanded the list to more than 50 devices. (The full list is at the bottom of this story.)
“Foreign cyber actors have compromised hundreds of thousands of home and office routers, and other networked devices worldwide,” the FBI said in a warning posted to the Web site of the Internet Crime Complaint Center. “The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”
While consumers have become familiar with the automatic-update processes for desktop software like Google Chrome, mobile apps such as Facebook, and operating systems such as Android, iOS, Windows, and Mac, updating a router can be a more challenging process.
Presuming that the router maker has issued a firmware update, consumers need to accept automatic updates or update the firmware manually. When auto-updates fail, as was the case with the VPNFilter-affected Netgear R7000, manual updates mean downloading the update, logging in to the router interface, updating it, and checking that the update has been properly applied.
“The fact that routers are insecure is not a new phenomenon, but their importance in networking makes their security a chief concern,” security analyst Joshua Meyer said, following news in March of another botnet that affected 765,000 Wi-Fi routers. Meyer is an analyst at Independent Security Evaluators, which tests the security of computers, Internet-connected devices, and networks.
Sometimes, of course, firmware updates are simply not available. And sometimes properly installed updates simply don’t work as intended.
“Every time you change your firmware, you run this risk,” says Riley Eller, chief technology officer of Seattle-based Unium, a software company that builds advanced Wi-Fi technologies such as mesh networks and was acquired by Nokia in March.
At that point, Eller says, consumers should consider replacing the router. But first they should check for a firmware update.
To check for an update, Eller says, consumers should open their router management software. Alternatively, they could also log directly into the router via a Web browser by typing 192.168.1.1 or 192.168.0.1 into the URL bar while connected to the at-risk Wi-Fi network.
Once logged in to the management software, owners of routers from major manufacturers such as Asus, D-Link, MikroTik, and Netgear are typically notified whether an update is available. They can also go to the router vendor’s management site (often by searching for the make and model of the router) to see if a firmware update is available.
Modern routers have a straightforward update process, which often means downloading the update, logging into the router, navigating to the firmware management page, and then uploading the firmware. (Firmware is the software that controls the router.)
Routers more than five years old generally should be replaced with ones that are easier to update.
In the long run, Eller suggests that consumers uncomfortable managing their own router firmware consider using wireless routers supported by their Internet service provider (such as Comcast) so that device failure doesn’t stick consumers with the bill.
“If you’re not comfortable doing your own IT support, the best thing to do is to buy the router that is on the recommended list from the operator,” Eller says. But instead of renting a cable modem, which can cost $10 per month, he cautions, “Buy your own cable modem, which pays for itself in a year.”
List of devices affected by VPNFilter so far:
Asus:
RT-AC66U
RT-N10
RT-N10E
RT-N10U
RT-N56U
RT-N66U
D-Link:
DES-1210-08P
DIR-300
DIR-300A
DSR-250N
DSR-500N
DSR-1000
DSR-1000N
Huawei:
HG8245
Linksys:
E1200
E2500
E3000
E3200
E4200
RV082
WRVS4400N
MikroTik:
CCR1009
CCR1016
CCR1036
CCR1072
CRS109
CRS112
CRS125
RB411
RB450
RB750
RB911
RB921
RB941
RB951
RB952
RB960
RB962
RB1100
RB1200
RB2011
RB3011
RB Groove
RB Omnitik
STX5
Netgear:
DG834
DGN1000
DGN2200
DGN3500
FVS318N
MBRN3000
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200
WNR4000
WNDR3700
WNDR4000
WNDR4300
WNDR4300-TN
UTM50
QNAP:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link:
R600VPN
TL-WR741ND
TL-WR841N
Ubiquiti:
NSM2
PBE M5
Upvel:
Unknown models
ZTE:
ZXHN H108N