You’re happily browsing the web, visiting websites, doing a bit of online banking, and perhaps some gaming. Everything is perfect, with your computer secured with a firewall and antivirus software, and perhaps a VPN.
No hacker is going to be ruining your day, right?
Well, that all depends on how secure your router is. Here are 10 ways your router could be exploited by hackers and drive-by wireless hijackers.
1. Default Admin Password and SSID
Millions of routers ship every year, all with an admin password preconfigured, and printed on the side of the device. It doesn’t take a genius to work out that every single password can’t possibly be unique. As such, it’s possible to use a relatively small number of passwords to gain access to routers from a single manufacturer.
While it is straightforward to change the default password for your router, it’s not something most people do. There is no automatic “forcing” of a password reset. Basically, you need to log in to the router’s admin console to do it. The overwhelming majority of router owners generally don’t go near this console… if you’re one of these people, you’re at grave risk of being hacked.
Checking your router’s documentation to log in and change the router password is vital. Our guide to setting router passwords should help here.
While you’re at it, learn how to change the router’s broadcast name (SSID). In particular, be concerned about routers supplied by your ISP. These often use addresses or phone numbers to create SSID names, something that helps drive-by hackers (“wardrivers”) identify your property.
You don’t want that.
2. Obvious Admin Interface Address
Another issue with routers is that they can all be accessed in pretty much the same way. With a default password, SSID and an easily guessable IP address, the router can be hijacked.
For example, the default IP address for router admin interfaces is 192.168.1.1 or 192.168.0.1. This isn’t a secret — anyone can find out this information, either by searching online, or using network tools. You’ve probably already realised that means anyone can log into your router’s admin console, gaining access to your home network.
Once again, changing the default IP address is something you can do from within the admin screen, which is accessed via your web browser. As with the password and SSID, it’s one of the first things you should change after setting up your router.
3. Cloud-Based Router Management
Over the past few years, a somewhat ridiculous new tool has been offered by router manufacturers: cloud-based management. This is a cloud-based service layer that provides an interface with your router.
That’s right: you’re only able to access the cloud-based management tool if the supported router is connected to the internet. Great idea… not. Then there are the mesh router systems, such as Google Wi-Fi, which are entirely cloud based, and can only be accessed from a mobile app. Mesh routers do have an advantage when it comes to firmware updates, but you should only be looking at such devices if they also offer local admin access.
After all, do you really want to leave the administration of your router to an unknown third party? How do you feel about an additional layer of trust between you and your router? So many “trusted” services have been hacked over the years that it seems insane to accept cloud-based router administration.
4. UPnP Enabled by Default
Browsing your router’s admin console, you’ll find that Universal Plug and Play (UPnP) is enabled by default. This networking protocol, enabled on internet-facing ports, exposes you to external attack because it was designed for local area networks (LANs), not the internet. As a result, it has no security.
Having UPnP enabled, therefore, is a big risk. Your router is basically a magnet to internet-based malware, and you don’t want an open door to your data labelled “UPnP”. Spend a few moments in your router’s documentation or online help file and learn how to disable UPnP.
While you would expect UPnP to be disabled by default, this isn’t always the case, especially on older router models.
5. The HNAP Management Bug
You may not be familiar with HNAP. The Home Network Administration Protocol (HNAP) is intended to enable ISPs to manage the routers they’ve sent out to customers. Although accessible by the end user, it is particularly useful to ISPs.
Unfortunately, it has a massive flaw.
With HNAP, your router’s device name and other information are broadcast in plain text, without any form of encryption. For this reason alone, you need to disable HNAP. The problem is, it often doesn’t switch off when instructed. You’ve guessed it: the only solution to HNAP is to buy a new modem, or at least contact your ISP and express your displeasure. Hopefully, they’ll offer a replacement forthwith.
To check for the HNAP vulnerability on your router, go to this URL:
If you’re able to get a positive response from the router, you’ve got problems.
6. WPS Is a Security Nightmare
It can be really easy to allow guests to access your network without sharing your Wi-Fi password. All they need is the Wi-Fi Protected Setup (WPS) code, printed on the base of your router.
This is an eight-digit PIN that will remain the same even if the router name and password are changed. However, as you’ve already realised by this point, it’s also a security risk.
First, the code remains the same (unless you force a change in the admin console), so a visitor to your home can gain access again and again. There’s no facility to force a guest user to re-authenticate each time they visit your home. That’s not good.
Second, and perhaps more worrying, is the PIN itself. While it appears to be an eight-figure PIN, it isn’t. Instead, the first seven figures are split into two groups, one of four, and another of three. These are validated as two separate sequences, while the eighth number is a checksum, to complete access to the router. But while an eight-digit number has 10 million combinations, this type of PIN has just 11,000. WPS makes it simple to hack a Wi-Fi network.
That’s a code that could potentially be guessed — a brute force attack would certainly make light work of it. Your solution here is to disable WPS from the router’s web console.
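To see where the 11,000 figure comes from, and why disabling WPS is the fix, here is an added example (not part of the original article) that models the PIN layout in memory. The checksum routine follows the publicly documented WPS scheme; `SplitValidator` and the sample PIN are constructed stand-ins, not a real router interface.

```python
# Added example: model of the WPS PIN layout (4 digits + 3 digits + checksum).
# SplitValidator is a hypothetical in-memory stand-in, not a real router API.

def wps_checksum(first7: int) -> int:
    """Checksum digit for the first seven PIN digits (weights 3,1,3,1,... from the right)."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10

def make_pin(first7: int) -> str:
    return f"{first7:07d}{wps_checksum(first7)}"

def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))

class SplitValidator:
    """Confirms the first four digits and the last four digits independently."""
    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("not a valid WPS PIN")
        self._first, self._second = pin[:4], pin[4:]
    def first_half_ok(self, guess: str) -> bool:
        return guess == self._first
    def second_half_ok(self, guess: str) -> bool:
        return guess == self._second

def guesses_split(v: SplitValidator) -> int:
    """Sequential guesses needed when each half is confirmed on its own."""
    count = 0
    for a in range(10_000):
        count += 1
        if v.first_half_ok(f"{a:04d}"):
            break
    for b in range(1_000):
        count += 1
        if v.second_half_ok(f"{b:03d}{wps_checksum(a * 1000 + b)}"):
            break
    return count

def guesses_whole(pin: str) -> int:
    """Sequential guesses needed if all seven free digits had to match at once."""
    return int(pin[:7]) + 1

WORST_CASE = make_pin(9_999_999)  # constructed PIN: last in both search orders

if __name__ == "__main__":
    print(WORST_CASE, guesses_split(SplitValidator(WORST_CASE)), guesses_whole(WORST_CASE))
```

Because the checksum is derived from the other seven digits, it adds no secrecy, and confirming the halves separately turns a multiplication of possibilities into an addition.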
7. Unstable Firmware
Updates downloaded from your router manufacturer or ISP should increase your device security. It follows that your network will become more secure in turn. But sometimes that doesn’t happen. For instance, following a firmware update, your previous changes to the router configuration (such as your own admin password and SSID, etc.) could be overwritten. Typically, the router is updated, but reset to the factory settings, requiring you to reconfigure it. This often happens with updates from your ISP, and is a good reason to use any profile saving facility on offer in the router’s admin screen.
Other problems can occur.
Unstable firmware installations can occur if the data is incorrectly applied, or the update image is rolled out to incompatible devices. Whatever the case, an unstable or reset firmware on your router can open the doors to hackers.
There isn’t an awful lot you can do about this. When it comes to ISPs, they will roll out firmware without warning. Some manufacturers will let you know, but not all. Flashing the DD-WRT firmware to your router is a possible answer here, but it isn’t compatible with all devices.
Really, the answer is to regularly log in to your admin console and check the status of your router.
8. The USB Port
More and more routers are shipping with a user-accessible USB port. This feature is increasingly sought-after and it’s easy to see why. With a USB port, you can connect USB flash drives and hard disk drives to your router. This essentially converts your router into a NAS box, a central repository for your data. As a result, the data on your drive can be accessed from anywhere on your home network.
In many ways, this is extremely convenient. But if your router is already insecure, the data on the USB drive could be accessed by intruders. Worse still, the USB port could be targeted by an intruder with a physical attack.
Picture this: someone posing as a tradesman, or even someone you know, slipping a compact USB drive into the back of your router. Saved to the drive is malware designed to hijack your router.
Your router is now part of a botnet.
Prevent this from happening: disable the USB ports. If you’ve previously enjoyed using the router like a NAS box, perhaps it’s time to buy one. If money is a problem, you could use your Raspberry Pi as a NAS.
9. Inexplicably Open Ports
In addition to the ports mentioned earlier, it is not uncommon to find that your router has other ports open. Some of these are necessary, such as HTTP. Most others are not. Unless you’re running some specialist equipment or projects at home, you probably don’t need POP3 (110) or VNC (5900) ports open, for example.
To check if your router has some ports open that you think should be closed, you’ll need a port checking tool. Several are available online; we used the tool at yougetsignal.com.
Use these results to configure your router. If you’re not using a particular service or protocol, then there is no need for the corresponding port to be open.
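As a complement to an online checker, which tests the internet-facing side, this added example (not from the original article) checks your own router from inside your network and reports ports that are open but that you did not expect. The router address and the expected-open set are assumptions to adjust for your setup.

```python
# Added example: LAN-side check for unexpected open TCP ports on your own router.
import socket

# Ports named in the article plus HTTP's standard port; extend for your own setup.
CANDIDATES = {80: "HTTP", 110: "POP3", 5900: "VNC"}

def is_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP connection to host:port is accepted within the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def unexpected_open(host, ports, expected=frozenset()):
    """Ports that accept connections but are not in the set you expect to be open."""
    return sorted(p for p in ports if p not in expected and is_open(host, p))

if __name__ == "__main__":
    router = "192.168.1.1"  # assumption: a common default; use your router's address
    for port in unexpected_open(router, CANDIDATES, expected={80}):
        print(f"{router}:{port} ({CANDIDATES[port]}) is open but not expected")
```

A port that shows as open here may still be closed to the internet, so compare the output with the result from the online tool before changing the router configuration.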
10. Beware the Misfortune Cookie
It might sound like something you get from a Chinese restaurant, but the Misfortune Cookie is far from edible. Indeed, it’s likely to give you indigestion.
A software-specific vulnerability in some 12 million routers when discovered, the Misfortune Cookie is so named because of an error in HTTP cookie management in the affected devices. This error enables an attacker to craft HTTP cookies to exploit the vulnerability, corrupting the router and altering the device’s state. This could involve attachment to a botnet, for instance. It certainly affords the attacker remote access to your router… and other devices on your network.
Furthermore, routers can be hijacked for use in a man-in-the-middle attack, bypassing your device’s hardware firewall. Any computer, tablet, phone, entertainment system or IoT device on your network can be affected.
What can you do about this? Well, begin by checking if you have been affected. You’ll know if you have: the router’s web console will not be accessible using the usual credentials.
To fix the exploit, check with your router’s manufacturer. The bug should have been patched in an update. If it hasn’t, then either look for a new router, or see if your device is compatible with DD-WRT.
Fix Your Router Today!
Hopefully by now you’ve taken steps to fix these issues with your router. It is imperative that you do so, to prevent hackers accessing your network, and bots hijacking your router or PC.
Because routers are all so very different, you’re going to need to spend some time with your device’s documentation. All of the issues above are fixable; it’s simply a case of finding the right screen in the browser-based admin console.
Have you experienced security issues with your router? Did any of the above vulnerabilities need fixing? Tell us below, sharing your router model, to encourage other readers to check their own routers.