tao Posted May 31, 2018

A handful of routers are susceptible to the VPNFilter virus. Here's how to protect yours.

Last Friday, the FBI issued a report recommending that everyone reboot their routers. The reason? "Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide."

That's a pretty alarming PSA, but also a somewhat vague one. How do you know if your router is infected? What can you do to keep malware away from it? And, perhaps most important of all, can a simple reboot really eliminate the threat?

What's the threat?

The FBI's recommendation comes on the heels of a newly discovered malware threat called VPNFilter, which has infected over half a million routers and network devices, according to researchers from Cisco's Talos Intelligence Group.

VPNFilter is "able to render small office and home office routers inoperable," the FBI stated. "The malware can potentially also collect information passing through the router."

Who distributed VPNFilter, and to what end? The Justice Department believes that Russian hackers, working under the name Sofacy Group, were using the malware to control infected devices.

How do you know if you're infected?

Unfortunately, there's no easy way to tell if your router has been compromised by VPNFilter. The FBI notes only that "the malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer."

Those manufacturers are as follows: Linksys, Mikrotik, Netgear, QNAP and TP-Link.

However, Cisco's report states that only a small number of models -- just over a dozen in total -- from those manufacturers are known to have been affected by the malware, and they're mostly older ones:

Linksys: E1200, E2500, WRVS4400N
Mikrotik: 1016, 1036, 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP: TS251, S439 Pro, other QNAP NAS devices running QTS software
TP-Link: R600VPN

Consequently, there's a fairly small chance you're operating an infected router. Of course, you can never be too careful, so let's talk about ways to fix the problem and, hopefully, avoid it going forward.

Will a reboot really work?

It definitely can't hurt. Rebooting -- or power-cycling -- your router is a harmless procedure, and in fact is often among the first troubleshooting steps when you're having network or connectivity issues. If you've ever been on a tech-support call because of an internet problem, you've probably been advised to do exactly that.

However, according to this Krebs on Security post, which cites the aforementioned Cisco report, rebooting alone won't do the trick: "Part of the code used by VPNFilter can still persist until the affected device is reset to its factory-default settings."

So is it possible the FBI misinterpreted the "reset" recommendation as "reboot"? Perhaps, but the bottom line is that a factory-reset is the only sure-fire way to purge VPNFilter from a router.

The good news: It's a pretty easy process, usually requiring little more than holding down a reset button on the router itself. The bad news: It's a pain in the butt because when it's done, you'll have to reconfigure all your network settings. Check your model's instruction manual for help with both steps.

What other steps should you take?

We reached out to a couple of the aforementioned manufacturers to solicit their advice for combating VPNFilter.

Linksys responded first, noting that VPNFilter is "proliferating itself using known vulnerabilities in older versions of router firmware (that customers haven't updated) as well as utilizing common default credentials." Their advice: Apply the latest firmware (something that happens automatically in Linksys' newer routers) and then perform a factory reset. Linksys also recommends changing the default password.

That's our advice as well. By keeping your router patched with the latest firmware and using a unique password (rather than the one provided out of the box), you should be able to keep ahead of VPNFilter and other kinds of router-targeting malware.

Update, May 30 at 8:27 a.m.: According to the FBI's PSA regarding VPNFilter, the reboot recommendation is not intended to remove the malware, but rather to "temporarily disrupt [it] and aid the potential identification of infected devices." In other words, the FBI is enlisting you in a search-and-destroy operation. Needless to say, we recommend the aforementioned firmware update and factory reset if you own one of the affected router models.

< Here >

knowledge-Spammer Posted May 31, 2018

Sofacy, the name is crazy

jabrwky Posted May 31, 2018

China, N. Korea, Iran, Pakistan deserve scrutiny. Commodity computers bring equal opportunity for treachery.

steven36 Posted May 31, 2018

I reboot my router all the time whenever having ISP issues because I have crappy internet, so I don't need the FBI's help. I talked to the Internet ITs a 100 times and the FBI are about as dumb as them, but unlike my ISP I never needed to talk to the FBI if I need to fix something. Even if I call 911 the local police come, and no one likes a fed, not even the local police do.

Quote:

  Use a virtual private network (VPN) router to supplement or replace your existing router and encrypt all your network traffic. "When I say VPN router, I mean a router that can be a VPN client," Horowitz said. "Then, you sign up with some VPN company, and everything that you send through that router goes through their network. This is a great way to hide what you're doing from your internet service provider."

  Many home Wi-Fi routers can be "flashed" to run open-source firmware, such as the DD-WRT firmware, which in turn supports the OpenVPN protocol natively. Most commercial VPN services support OpenVPN as well and provide instructions on how to set open-source routers up to use them.

That the FBI said to reboot your router is USA scare propaganda, just like if you don't let the FBI put backdoors in software the terrorists are going to use it to attack you. Russia is not as crazy as the mainstream media tries to make them seem; things like blocking Telegram was smart because it's a known fact ISIS uses this, but the FBI wanted to back door iOS because one home grown dead terrorist had an iPhone, now that's crazy. Most of them used old tech like burner phones where they can't be traced.

Sad thing is many Americans that are not tech savvy believe the FUD pushed out by scare monger websites. If they put out enough news that the Russian bogey man is going to get you, before long you start to believe it; they're brainwashing people.

You know how dangerous this can be. Before, all the news on all USA sites reported that Iraq had weapons of mass destruction, and even the president believed it and started a war and killed all them people because some politician told him fake info, and he almost got some of their own spies killed. The guy that lied ended up having to go to prison. So don't believe nothing like this unless they have real proof, and even if they claim they have proof don't believe that either. One person spreading lies could cause World War 3.

BioHazard Posted May 31, 2018

@steven36 I have to agree with you on this one

virge Posted May 31, 2018

Prob not a bad idea to reboot your router once every 6 months, keeping the firmware updated is more important.

knowledge-Spammer Posted May 31, 2018

Is it right you have to go to Norton site? If so, wow
This topic is now archived and is closed to further replies.