Recently, the FBI made a somewhat disturbing public service announcement that everyone should restart their routers. They advise doing this to prevent nasty router malware from taking over your hardware. When a threat is big enough for the FBI to make a public service announcement, it is natural to wonder what might be hiding inside your router. Let's break down this new threat to see what it is, how it works, and what you can do to protect yourself from it.
So once this new malware enters a router, what does it do? VPNFilter is quite advanced and deploys its payload in three steps:
When the router is turned off and on again, steps 2 and 3 are erased, but the "seed" that was set up in step 1 persists. Either way, the most damaging part of the VPNFilter malware is cleared by the restart, which is why people have been told to restart their routers.
Not all routers can be affected by VPNFilter. Symantec details which routers are vulnerable.
To date, VPNFilter is known to be able to infect enterprise and small office/home office routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices. These include:
If you own one of the devices above, check your manufacturer's support page for updates and tips on how to defeat VPNFilter. Most should have a firmware update that should fully protect you from VPNFilter's attack vectors.
Luckily, although it may look like VPNFilter will be in routers forever, there are ways to get rid of it. VPNFilter is built to persist when the router is powered off and on, but it cannot survive a factory reset. If you run your router through one of these, the malware will get caught in the wipe and will be effectively eliminated from your router.
Once done, make sure to change your network credentials and also disable remote management settings. Your information may have been leaked in the attack, and preventing remote access may prevent a future attack from reaching your PCs and home devices.
While VPNFilter is a nasty piece of kit that has aroused the interest of the FBI, it's not unbeatable! By performing a factory reset, you can clear your router of any malware. Also, if your manufacturer has released an update, you can avoid getting infected again later.