Do You Know Whether Somebody Has Already Hacked Your Home Network?

Nobody ever told me…

One of the most overlooked ways to hack into your home or small office network is the modem/router that likely provides your Internet connection.

Hundreds of thousands (if not millions) of Internet routers have been hacked.

In one test, security researchers analyzed 20 of the highest-selling routers and found that half of the devices had multiple security vulnerabilities, which didn’t even include configuration errors.

According to Bitdefender’s real-time monitoring, routers are one of attackers’ most targeted Internet-of-Things devices.

Most people receive a combination modem/router from their Internet Service Provider (ISP), but some people purchase their own. Even though you can have a separate modem and router, the majority of those provided by ISPs are combined into one piece of equipment. For the sake of simplicity, we’ll refer to this device as a router.

Wherever the device came from, most people never change critical settings that can make it very easy to hack.

Here’s where you start

The first, and probably the most important thing to change, is the primary login credentials to manage the device. Almost every router comes with a default User ID and password. In the setup guidelines (which many people never read), one of the first instructions given is to change these settings.

Most people never do, and this gives an attacker easy access to your router.

The default User ID for many routers is “admin,” with a password of “password.” Some routers come from an ISP with a label on the back that shows the password. The one we received from our ISP has a sticker on both the front and back of the router, to make access easier for the owner.

Leaving the default administrator credentials in place is not much different than having a front door without a lock. Attackers know the default login credentials for most routers, and use them to hack into these devices every day.

There is even a website that provides the default credentials for many routers (designed for people who reset their routers and can’t find the setup documentation that came with the device). To check the default information for your router, go to https://www.routerpasswords.com/.

When changing the administrator User ID, create something that contains a different User ID than you use for any other login. The administrator password also needs to be unique and not easily guessed. Password managers, such as LastPass, can help you to generate a unique and secure password, and then help you remember it by storing the administrator login credentials in the encrypted LastPass database.

According to a report from Tripwire, a cybersecurity firm, 46% of consumers and 30% of technology professionals never change their default router passwords.

You may be asking what someone could do with administrator access to your router. Here are just some of the possibilities:

• The attacker can redirect your Internet connection to a web page that phishes for your account credentials.
• A hacked router can take you to a web page that tells you to download software updates that may infect you with malware.
• An invader can conduct what is called a “man-in-the-middle attack,” so they can see everything you do on what you believe is a secure and encrypted connection.
• The hacked router can be hijacked to serve as a “bot” on a malicious botnet that can be used to launch Distributed Denial of Service (DDoS) attacks against websites, companies, or even government agencies.
• The router can be used to attack other devices connected to your network, potentially providing access to any data stored on or transmitted by those devices.
• If any Internet-of-Things (IoT) devices are connected wirelessly to the router, they could be taken over remotely to spy on anything within range. Think smart TVs, home assistants (Amazon Echo, Google Home, etc.), or other devices such as the intelligent Nest thermostat or the Ring doorbell.

The other important setting to change is the Service Set Identifier, or SSID, of your router that provides your wireless signal (some routers have more than one). The SSID is the name of your network that is broadcast to anyone that may want to connect.

Unfortunately, many routers come with a default SSID that shows the manufacturer and the model number of the router. Using routerpasswords.com and other resources, it’s very easy to look up the default administrator login credentials to see if they still provide access.

If the router provides the capability of multiple Wi-Fi networks (many routers can have several), make sure to change the access passwords to connect to each of these networks.

Lots of routers today have at least two frequencies: a 2.4 gigahertz band and a 5 gigahertz band. If you have a router with these frequencies, they can each have a different name and connection password.

There are some fundamental differences between the two frequencies. The 2.4 GHz band is probably used by other appliances or devices in your home or office. For example, most older cordless phones, garage door openers, and baby monitors use this frequency. One of the reasons it is more widely used is that the signal travels farther and transmits better through walls to provide enhanced coverage.

If someone outside is scanning for nearby Wi-Fi signals, they are most likely to see your 2.4 GHz signal as available for a connection.

The 5 GHz band is not currently used much by other devices (although this may change with the addition of more Internet-of-Things devices) and does not transmit as far as the 2.4 GHz band.

Some security professionals suggest that using the 5 GHz band may be more secure, just because someone in your neighborhood may not be able to detect it and try to connect.

Name each of your wireless network segments with different SSIDs that are something not identifiable with you or your location. Naming an SSID as “Walt’s Network” or leaving a default SSID as the model of your router is not a good idea. Give each a unique name, so they can’t be easily associated with the same router.

Many of the better routers will allow you to create different wireless segments and give you the capability to limit the use of individual segments by user or device, with a different password for each one.

Examples of why this is useful would include creating a “guest” segment for visitors who do not need permanent access to your network. Another use might be only to allow the Internet-of-Things (IoT) devices to connect to a separate network segment.

I would recommend creating a secure encrypted note in your password manager that contains all of the information about your router (manufacturer, model number, serial number, default User IDs and passwords, along with the new ones you generate to improve the security of the router). This might come in handy in the future.

You will also want your router to use the most up-to-date encryption, which is currently WPA2.

Finally, check for firmware updates. Firmware is the embedded software that controls everything on your router. Users can’t delete the firmware, but it can and should be updated. Similar to software updates on other devices, firmware updates fix security and software problems that have been identified for the router. Firmware updates should be available from the router manufacturer’s website.

If you are not able to update the router’s firmware, it’s probably time to replace it with a more updated (and secure) model.

Are There Other Options?

If you’re interested in exploring more secure routers or other devices that will protect your home or small office network, consider the following, but do your research before deciding what might best serve your needs:

The F-Secure Sense Security Router – https://www.f-secure.com/en_US/web/home_us/sense

The Bitdefender Box 2 Smart Home Cybersecurity Hub – https://www.bitdefender.com/box/

The Pepwave Surf SOHO router – https://www.peplink.com/products/pepwave-surf-soho/

The Norton Core Router – https://us.norton.com/core

There are other settings and best practices related to router security that can improve your safety even more but are beyond the scope of this post.

For additional information, go to:

https://routersecurity.org

Conclusions

While improving the security of your router(s) won’t protect you from every threat, if you follow these recommendations, you will have done more than most to reduce some of your techno-crime risks.

If you’re interested in more tips to increase the security of your smart home, we’ve published a free Smart Home and Mobile Device Security Checklist that is available in the Free Content Library on our website at https://technocrime.com/free-content-library/.

Let me know your thoughts about this topic, and if you have other recommendations to share, please leave a comment.