You’re sitting at your computer, browsing the web and suddenly a pop-up appears offering you an app that will give you updated COVID-19 info from the World Health Organization. “That’s helpful,” you think, and click the button to download and install the program. And, congratulations, you have just installed the Oski information-stealing Trojan that will then scoop up your saved payment information and passwords, cookies, browsing history, cryptocurrency wallets, and a ton more, to be used by hackers to steal your money, get into your accounts, and possibly steal your identity. (Don’t click links in pop-ups!)
But where did this pop-up come from? Security researchers have determined that it arrived because your internet router (the box installed by your provider to connect you to the internet), or, if you have one, your own wireless router, was invaded and the DNS settings changed to direct victims to malicious sites.
DNS is the internet’s address book. When you enter a website’s name in the address bar, or click a link, the DNS server translates that name into the IP (Internet Protocol) address, a series of numbers that, like a phone number, connects you to the site you want. Of course, the trouble with any address book is that if someone messes with the entries, you end up calling the wrong person. In the case of this attack, the hackers are pointing you to a really messed up, malicious address book.
The problem often begins with an improperly secured internet router. It may have a weak password, or no password at all, for example, allowing the hacker to get into its configuration and replace the legitimate DNS settings with less friendly ones.
But that’s not the only mischief that can arrive via your router. Once someone is on your network, they can spy on you and your family, infect computers and devices (or even take control of them), or use your connection for illegal purposes like launching attacks on businesses. So it makes a LOT of sense to spend a few minutes making sure it’s secure.
Step 1 – DNS settings
While we can’t give explicit instructions for each router on the market, we can tell you what to look out for. Here are a few settings to check and correct if necessary.
First, if you happen to have gotten the pop-ups we mention, you need to fix the DNS settings on your router. Sign in to it (if you don’t know how, ask your provider’s support folks; they can also reset your router’s password if you’ve lost it so you can create a new one), and look for DNS settings. It should be set to automatic (or ISP assigned), which means your provider controls DNS. If it’s not, change the setting and click “Save”. Then reboot all devices connected to the network to fix their DNS settings, which they get from the router. It would be smart, at that point, to run a virus check on all of them as well.
The hacking of your DNS settings is a clue that something else is wrong, so you have a few more things to do. Change the admin password on the router, for starters, and make the new one a strong one. Microsoft has a password strength checking app that you can use to see whether the one you’ve chosen is too easy to crack. Basically, a strong password should include a mix of character types (upper case, lower case, numbers, and, if the device allows, symbols), not be a word, and be at least eight characters long. Some experts recommend a passphrase rather than a password.
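The device-side check described above, as an added example that is not from the original article: a small Python script that reads the resolver list a device was handed by the router (a constructed /etc/resolv.conf sample is embedded) and flags any nameserver that is neither the router itself nor on an expected list, which is how a hijacked router shows up on the computers behind it. The router address (192.168.1.1) and the rogue address (203.0.113.45, a documentation range) are assumed, constructed values.

```python
import ipaddress
from typing import List, Tuple

# Resolvers this household deliberately uses (assumed: just the router).
# If you configured a public resolver yourself, add it here.
TRUSTED_RESOLVERS = {"192.168.1.1"}

# Home-LAN ranges (RFC 1918) plus loopback: a resolver here is the router
# or something else on the local network, which is what "ISP assigned" yields.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of /etc/resolv.conf as written from a DHCP lease.
# The second entry is an illustrative rogue address, not a real indicator.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.45
"""


def parse_nameservers(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify_resolver(addr: str) -> str:
    """Classify one resolver as 'trusted', 'local' (on the LAN) or 'suspicious'."""
    if addr in TRUSTED_RESOLVERS:
        return "trusted"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "suspicious"  # not even a valid address
    if any(ip in net for net in LAN_RANGES):
        return "local"       # router or LAN resolver, as the provider intends
    return "suspicious"      # unexpected public resolver: check the router's DNS page


def audit_resolvers(text: str) -> List[Tuple[str, str]]:
    """Pair every configured nameserver with its verdict."""
    return [(s, classify_resolver(s)) for s in parse_nameservers(text)]


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{server:16} {verdict}")
```

On a real machine, replace SAMPLE_RESOLV_CONF with the contents of /etc/resolv.conf (or the DNS servers shown by ipconfig /all on Windows); any "suspicious" line means the router's DNS setting, not just the device, needs to be put back to automatic.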
Step 2 – changing names and adjusting encryption
Once you change the password, you’ll be signed out. Sign back in; you have more work to do:
- If, when you first set up the router, you didn’t change the name it uses on the network, known as the SSID (say, “Linksys”, or “Bell-1234”), give it a new, non-obvious name (not your family name or your address or apartment number).
- Check the encryption the device uses. Rob Barton, chief architect at Cisco Canada, tells us to look at it like this: WEP is bad. WPA2 is good.
- Disable remote administration, which allows someone outside your network, like a hacker, to administer the router from wherever they are.
- Disable UPnP (Universal Plug and Play), if it’s on. You can connect just fine without it, and it has known issues that make it a security risk.
- If the device is one you own (say, a wireless router attached to your provider’s modem), check for updates to its internal software (aka “firmware”). Some devices have a “check for updates” option; for others, you may need to visit the vendor’s website and follow their instructions. Ask your provider how they update the devices they own and make a fuss if they waffle – this is your security you’re looking at!
Tom’s Guide, a well-respected hardware site, also recommends disabling WPS, a quick and easy way to connect devices to a router that, surprise, can be a major security risk. In fact, it quotes a security expert who believes that the all-in-one router/cable modem/wireless access point boxes providers give customers should be dumbed down to be merely cable modems, with customer-owned business-grade routers added to control the home network. That is likely too expensive for most of us, though, so secure what you have.
An article in Computer Hope makes many of the same recommendations and suggests disabling the SSID broadcast that shows a list of available networks when you tell a device to connect. You’ll then need to remember and type in the SSID to connect, rather than choosing it from a list. On the plus side, a hacker won’t be able to choose your router from a list – they’ll have to know the network name to attack it.
It also suggests enabling MAC address filtering on the router. The MAC address (also known as the physical address) is a series of letters and numbers that uniquely identifies the network interface in your device. You can find it in the network properties on the device. If you tell the router that only devices with specific MAC addresses are allowed to connect to the network, foreign devices will be blocked.
Here’s a final thought that’s especially important to businesses: Cisco’s Barton notes that as more and more employees work from home, and people accumulate more devices that attach to their networks, a secure home network is now not just a convenience (OK, a necessity) for your family, it’s vital to business continuity as well.