Attacking the Router

Ionut ILASCU

November 19, 2018

One of the most important electronic items in your home is the router. All other devices depend on it for an internet connection. It is the door into your digital world, yet it is often neglected for long periods, getting no attention until the connection goes down.

Since it connects all other systems on the local network, your router makes for an attractive target. The advantages of a compromised home router to bad guys are plenty: they can use it as a proxy for malicious activity, to transfer stolen data, launch direct attacks, or hack other devices on its network.

Hackers are methodical, going through several steps before assuming control of a router. They have no preferences as to the brand of the gadget – it just has to be vulnerable, easy to pop, and available in large numbers.

The decision of what to target is typically connected to the disclosure of a vulnerability or some information that would make it easier to hack. It could be a security bug in one of the components that allows elevated privilege access on the device, or a report disclosing a hidden backdoor account or a bad default configuration.

Locating the prey

Before taking action, any hacker worth their salt learns about their target — not just to accurately locate the devices online, but also to reduce mistakes when compromising them.

Cybercriminals start their search for vulnerable systems on the internet itself. They automate the process using scanning tools that can explore the entire online world. There are even search engines that retrieve the IP address of internet-connected equipment based on specific identification data.

Getting in

Once they know the location of the targets, hackers can start the break-in operation. Popular methods include using the default credentials to log in via a reachable service (web interface, SSH, telnet) and trying out multiple username/password combinations until the correct one is found (brute-force attack).

Exploits are another method to get in, and the bad guys have every reason to keep an eye on the latest disclosures – exploits are ready-made code aligned with their purposes. The age of the vulnerability is irrelevant, because updates, even when they are available, are often installed late, if at all. Cybercriminals rely on this reality to do their business.
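From the defender's side, the password guessing described in this section leaves a recognizable trail in the router's login log. The following is an added example, not part of the original article: it flags sources with a burst of failed SSH logins and reports any successful login that follows such a burst. The log lines are constructed, the timestamp and host prefix is an assumed format, and the `analyze` function with its threshold and window values is hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: dropbear-style SSH messages behind an assumed ISO timestamp prefix.
SAMPLE_LOG = """\
2018-11-19T10:00:01 router dropbear[411]: Bad password attempt for 'admin' from 203.0.113.7:40112
2018-11-19T10:00:03 router dropbear[412]: Bad password attempt for 'root' from 203.0.113.7:40114
2018-11-19T10:00:05 router dropbear[413]: Bad password attempt for 'admin' from 203.0.113.7:40118
2018-11-19T10:00:08 router dropbear[414]: Bad password attempt for 'user' from 203.0.113.7:40121
2018-11-19T10:00:11 router dropbear[415]: Bad password attempt for 'admin' from 203.0.113.7:40125
2018-11-19T10:00:14 router dropbear[416]: Password auth succeeded for 'admin' from 203.0.113.7:40130
2018-11-19T10:05:00 router dropbear[420]: Bad password attempt for 'admin' from 192.168.1.23:51000
2018-11-19T10:05:20 router dropbear[421]: Password auth succeeded for 'admin' from 192.168.1.23:51002
"""

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ dropbear\[\d+\]: "
    r"(?P<event>Bad password attempt|Password auth succeeded) "
    r"for '(?P<user>[^']*)' from (?P<ip>[\d.]+):\d+$"
)

def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (sources that guessed passwords, logins that followed the guessing)."""
    recent = defaultdict(deque)  # source IP -> failure times inside the window
    flagged = set()
    logins_after_guessing = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if m["event"] == "Bad password attempt":
            failures = recent[ip]
            failures.append(ts)
            while ts - failures[0] > window:  # drop failures older than the window
                failures.popleft()
            if len(failures) >= threshold:
                flagged.add(ip)
        elif ip in flagged:
            # A success right after a burst of failures: treat the password as guessed.
            logins_after_guessing.append((ip, m["user"], m["ts"]))
    return sorted(flagged), logins_after_guessing

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A non-empty second element means the credentials should be treated as known to the attacker: change the password and reset the device as described under "Stay safe".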

Staying in

The moment they get in, hackers can plant their malware or adjust the configuration in their favor, like redirecting traffic through their gear, which could also mean monitoring and control. When this happens, you are no longer in control of the device.

An infected router responds to the commands of the hacker, who can instruct it to search for and infect other vulnerable targets reachable over the internet. It can also map the local network and send attackers details about the systems it finds, allowing them to plan future attacks.

Stay safe

There are multiple ways to keep your equipment clean. Enabling recommended defenses deflects most attacks, but it is no silver bullet. You should also update as soon as the vendor releases new firmware. To lower the risk, you could install a hardware security solution, which would handle the traffic automatically and repel hacking attempts.

Most malware for routers is not persistent, meaning that rebooting the device removes the malicious code. However, some viruses survive this action. In this case, it is recommended to reset the equipment to its factory settings and configure it anew.
