The Federal Bureau of Investigation is asking everyone with a home router to do one small thing: Turn your router off and then back on again.
The agency issued a warning Friday asking home Internet users and small-business owners to reboot their routers to ward off a pernicious piece of malware called VPN Filter. The malware infects routers during the first stage of an attack that eventually gives hackers great control over the devices connected to the internet. The malware has been linked to a group believed to be connected to the Russian military.
Research from Cisco’s Talos security group, published last week, estimates that 500,000 devices around the world may be affected by the malware, including routers made by major manufacturers such as TP-Link, Netgear and Linksys. While the FBI recently seized a critical part of the network that runs this attack, the agency still recommends that everyone reset their router, regardless of manufacturer, to cast a wider net.
Simply unplugging your router may not seem like it could do much for your security. But resetting the router sets this complicated malware back to stage one, said Ashley Stephenson of Corero Network Security. In its first stage, VPN Filter establishes in a router, but it needs to talk to another part of the network to download the second stage of the attack.
Now that the FBI has control over part of the network, routers trying to enter that second stage will send information to the agency instead of hackers, Stephenson said.
Simply hitting the power button without updating their router, would still put users at risk, software experts warned. As a next step, they should download the latest firmware for their devices and change their password to further guard themselves against infection.
Routers are often neglected – even forgotten – pieces of technology in our homes. After they’ve been set up, they are rarely given a second thought. But they have increasingly become a focal point for hackers looking to build massive networks of computers to control.
Several companies, such as Google, Eero and security firms Norton and F-Secure, are trying to make routers and their security easier to understand. Most people, however, simply stick with the router issued by their internet service provider or one that they can find cheaply for $25 or $30 online, experts said.
Poor router security comes from a combination of factors, said Ben Herzberg, threat director at the security firm Imperva. Many people don’t know how to access their router settings or how to check for software updates, he said. And some manufacturers are slow to push security updates, he said, out of negligence or because their devices are so old that they can’t easily be updated over the internet.
Herzberg recommended that anyone with a router that’s at least 15 years old replace it with a newer device and that they regularly check for updates to guard against potential new attacks. And while regularly rebooting your router isn’t always a necessary part of good security hygiene, he thinks it’s good advice to follow this time – considering the source.
“If the FBI says to reset your router, I would reset my router,” he said.
Subscribe to the Morning Review newsletter
Get the day’s top headlines delivered to your inbox every morning by subscribing to our newsletter.