“Last week, the FBI released a statement that shocked many — reset your home or office router immediately upon threat of cyberattack,” Luke Larson writes for Digital Trends. “To throw some additional urgency to the matter, the threat was traced back directly to a group connected to the Russian government.”
“It sounds like an easy fix for a major threat, but is resetting your router really going to prevent a major cyberattack?” Larson writes. “Vulnerabilities in routers can be a huge problem, but rebooting the router flushes the short-term memory, and most attacks with it. However, there’s reason to think the recent scare won’t be so easy to solve.”
“According to the FBI, a specific kind of malware called VPNFilter was used, which infected the firmware of routers across the world. The FBI’s statement didn’t much detail as to whether this multi-stage malware might survive the suggested reboot, and that raised the alert of the cybersecurity expert we spoke to,” Larson writes. “‘Until now, we haven’t seen malware on IoT that could survive the reboot,’ said Liviu Arsene, senior analyst at BitDefender. ‘If this malware survives the reboot, it’s a pretty big deal.'”
Read more in the full article here.
MacDailyNews Note: The VPNFilter malware was discovered by Cisco’s security researchers and affects routers made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link, but the FBI urges users of all routers and NAS devices, not just the 14 devices identified by Cisco, to reboot.
Happy router rebooting, everyone!
Yes, the FBI is so trustworthy.
Good comment, Yuri!
The FBI is horribly untrustworthy in many ways.
But, there is no conceivable reason why they would maliciously benefit in some oppressive way from helping people avoid having their router be part of a cyber attack.
Of course, your response is a very important example of why the FBI screwing with people and otherwise being terribly oppressive so often is a bad idea: it means people might not trust them when they are trying to do good.
That’s an important lesson to law enforcement types, which sadly so few of them seemed to have learned.
But but the Russians are Comrade Trump’s favourite friends. They would never do anything like this to their friends (stated Fox News). We only want to adopt their babies (Said Donald Trump Jr).
Hey TowerTone: 2012 called. They want their meme back.
Yeah also 1994 called, David Spade wants his retort back.
(and BTW, that meme is timeless….)
Some people are about as bright as a small appliance bulb.
I resemble that remark! Nyuk nyuk nyuk nyuk…
Sorry, use an Apple Airport – don’t see it on the list. All good.
Not every router has been tested at this point. Reboot all routers AND all NAS to be certain.
I just called Apple support because although we don’t use Apple routers in our department, I’m an IT for a lot of co-workers with Apple routers. The Apple rep I spoke with said Apple did not think Apple routers would be affected, but also said to watch news sites in case something changed in the future. I rebooted anyway, not back to factor settings, but just a basic reboot. Can’t hurt.
Eero support page says there is no need to reboot.
Presumably, they’ve tested their gear for the vulnerability. But it can’t hurt to reboot all routers and NAS devices and to watch for firmware upgrades.
This article reads almost like an ad for BitDefender.
Also it says “reset”, then advises “reboot” or maybe “reset” but a soft or hard or factory reset isn’t specified.
Plus how do you know if you have it and if rebooting worked?
The FBI, the NSA and the DHS ALL made the same warning to reboot every router.
What remains is the fact that several various routers are vulnerable to further attacks and infection UNLESS they’re updated by their manufactures. AND the known list of vulnerable routers is not complete. You’ll find the current list here:
Is Your Router Vulnerable to VPNFilter Malware?
Below is a list of routers vulnerable to VPNFilter, malware that can brick your device.
For now, it appears that the FBI has stopped the ability of VPNFilter to ‘phone home’ for further instructions, essentially rendering it inert, albeit active on non-rebooted affected routers:
FBI seizes VPNFilter botnet domain that infected 500,000 routers
Here’s the current list of known vulnerable routers. Expect the list to grow. They all require firmware updates in order to remove the vulnerability. Netgear further advices users (A) Change their router’s Admin password, and (B) Turn OFF remote management of the router. This advice holds for ALL routers for maximum safety.
• Linksys E1200
• Linksys E2500
• Linksys WRVS4400N
• Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
• Netgear DGN2200
• Netgear R6400
• Netgear R7000
• Netgear R8000
• Netgear WNR1000
• Netgear WNR2000
• QNAP TS251
• QNAP TS439 Pro
• Other QNAP NAS devices running QTS software
• TP-Link R600VPN
There are several further strategies for keeping routers safe. I’m writing up an article of strategies to post this weekend. (Click my avatar to find the URL to my Mac-Security blog). A couple major strategies I’d add are:
– Make a backup of your router settings, useful for later restoration if your router gets PWNed.
– Turn OFF UPnP (‘Universal Plug and Play’) a Microsoft network gaming protocol that was never meant to be exposed to the WAN, Wide Area Network. That any router manufacturer allows UPnP on the WAN is literally insane and irresponsible. And yet, many router manufactures not only include it, they default it to ON. Turn the damned thing OFF. It’s a giant security hole.
I consider myself a bit above average for a computer user. I’ve installed HDs, swapped out ram, even took apart and reassembled (without the monitor) a G4 lampshade iMac… but this is beyond me. No idea where to start.
So how does Joe Average PC user go about doing any of this.
Restarted my router the other night not because of this current issue, but because (as happens a few times a year) it lost its internet connection and restarting solves that problem.
Another issue I have is that my router is branded with my ISPs name. No idea who actually manufactured it.
When I ask how, I mean how do I access my router’s settings, how do I change the password, etc., etc.
What do I use to do those things and how do I use them?
I’ve read several articles about the VPNFilter issue and not a one has clear, step-by-step instructions on how and what to do. They all presume I know more than I do.
Look on the back/bottom of the router and you may see a label with details about the modem: Brand, model, serial number. That’s what I’ve found with ISP branded routers.
Theoretically, if the ISP has their name on it, they’re doing all the administration of the router. You may not even be able to get into its settings pages. They do all the updating and make all the settings. You can turn it on or off.
Even routers designed for end users can be a big PITA to figure out. Networking in general is very annoying and complicated. I enjoy diving into complicated tech and figuring it out. But learning networking has never offered me much pleasure. It takes a lot of work and experience to bash through it all and understand all the fiddly bits. Having leapt from that into network security 11 years ago has at least been more interesting as there are literally new things going on every day. But I’m blethering.
I’d give your ISP a call and ask them if you can administrate the settings on the router they gave you. They may well say no. If they say yes, ask where you can get the manual to read. You may find the manual is limited in scope. That’s typical. You learn what you can, then you hit the search engines for answers to your questions not addressed in the manual. Your ISP probably has a forum area where users can ask and share. Start there. The brand of your router may have their own forum. Then dive into the Internet for similar sites as well as helpful How To articles or websites people may have created. You end up learning a lot about researching on the Internet and may figure out a lot, if not everything, about your router.
Check this next week to see if I’ve posted my router security article at Mac-Security.blogspot.com. I’d be glad to interact with you in the comments there if I can help you figure out stuff.
Most likely a browser IP address.
Here is a list of the most common routers and their addresses (many are the same) so try a few of these to start.
https://www.techspot.com/guides/287-default-router-ip-addresses/
Once you are in you may have limited access or complete control.
Another way to figure out the brand is to GOOGLE the FCC ID number usually found on bottom.
Thanks to both of you for the info. I now have places to start checking into things.
You’ve been way more helpful than me just starting some generic web search. Search usually gives me lots of info about stuff that has little relation to what I’m looking for.
Much appreciated.
Glad to help.