Is Your Router Spying on You?
Is Your Router Spying on You?
A quick answer. Probably. Millions of retail and commercial routers have been compromised by a Russian malware called VPNFilter. According to the FBI, the amount of infected routers is way more than originally thought when they first released the warnings.
According to a new report from security firm Cisco Talos, the VPNFilter malware is “targeting more makes and models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints.”
If you own one of the affected routers including models from Asus, D-Link, Huawei, Ubiquiti, Upvel and ZTE — it’s strongly recommended that you perform two key steps: upgrade the firmware and then factory-reset the router.
First of all, this is not to difficult and there are two ways to update your router’s firmware. Most routers have a built-in update function to check for newer firmware. You can use this tool to update and then reset the router. Some models may have had this function compromised, so to be on the safe side:
- Write down the model number of your router
- Go to the manufacturer’s website and click on the support link
- Enter your model number and follow the links to download the latest firmware.
- Login to your router and go to the administration or tools tab depending on the model to update the firmware.
- Choose the option to upload the update from your computer (Note: you will lose access to the Internet while this is updating) and select the file you downloaded from the manufacturer’s website. It will then ask you to confirm the update, load the new firmware and reboot your router.
- It is also recommended that you do a “Factory Reset” of the device which means it will loose its settings. You can: 1) write down the setting of your WAN, LAN and port forwarding rules so you can properly reconfigure your router after reset, or 2) have a network professional do it for you.
Once you have done this you should be good to go. remember to check for updates to firmware every 30-60 days. Most manufacturers have a notification system to alert you of releases. I encourage you to subscribe for this.
If you are uncomfortable with doing any part of this, call us and we’ll be glad to perform this for you. An important note: If you are using a router provided by your ISP or service provider, do not attempt this. Call support for you provider and request that they update your router ASAP. Do not let them put you off. Most will try to tell you you have nothing to worry about but ISP’s are usually the worst at doing these kinds of updates. Don’t take no for an answer as this flaw has been exploited in millions of routers without users knowing.
Which routers are affected?
Courtesy of Cisco Talos, here’s a current list of the models affected by VPNFilter.
Asus
- RT-AC66U (new)
- RT-N10 (new)
- RT-N10E (new)
- RT-N10U (new)
- RT-N56U (new)
- RT-N66U (new)
D-Link
- DES-1210-08P (new)
- DIR-300 (new)
- DIR-300A (new)
- DSR-250N (new)
- DSR-500N (new)
- DSR-1000 (new)
- DSR-1000N (new)
Huawei
- HG8245 (new)
Linksys
- E1200
- E2500
- E3000 (new)
- E3200 (new)
- E4200 (new)
- RV082 (new)
- WRVS4400N
Mikrotik
- CCR1009 (new)
- CCR1016
- CCR1036
- CCR1072
- CRS109 (new)
- CRS112 (new)
- CRS125 (new)
- RB411 (new)
- RB450 (new)
- RB750 (new)
- RB911 (new)
- RB921 (new)
- RB941 (new)
- RB951 (new)
- RB952 (new)
- RB960 (new)
- RB962 (new)
- RB1100 (new)
- RB1200 (new)
- RB2011 (new)
- RB3011 (new)
- RB Groove (new)
- RB Omnitik (new)
- STX5 (new)
Netgear
- DG834 (new)
- DGN1000 (new)
- DGN2200
- DGN3500 (new)
- FVS318N (new)
- MBRN3000 (new)
- R6400
- R7000
- R8000
- WNR1000
- WNR2000
- WNR2200 (new)
- WNR4000 (new)
- WNDR3700 (new)
- WNDR4000 (new)
- WNDR4300 (new)
- WNDR4300-TN (new)
- UTM50 (new)
Qnap
- TS251
- TS439 Pro
- Other QNAP NAS devices running QTS software
TP-Link
- R600VPN
- TL-WR741ND (new)
- TL-WR841N (new)
Ubiquiti
- NSM2 (new)
- PBE M5 (new)
As usual, if you have any questions, please email me at rtrembath@quasardata.com.