Much has been made in the media lately about a Russian router hack. Here’s the low-down with this router hack story, and what normal folks can do.
What’s a router hack?
As Emily Litella might have said, “What’s all this I hear about RotoRooter Sax? No one’s playing saxophone in MY sewer….”
Many “old media” sources have picked up this story and scared casual readers. As usual with any story about computing that makes the mainstream “news,” very few stories display any real knowledge. Most are very thin and just an exercise in fear-mongering–AND they leave you hanging as far as what to do about it.
The focus of this scare is your home router. Routers are those “black boxes” that connect you to the internet (and/or provide the WiFi signal inside your house).
As described in articles like this, bad code may have been forced into your router, which could lead to mischief–technically, that would be a router hack. So far, there doesn’t seem to be much evidence that the residential user should lose sleep. The stories say power-cycling the router will “cure” any problem. Certainly, that won’t hurt, but if the infection is truly bad it would get into the “bones” of the router (the firmware–stuff that stays put even if the power goes out).
What to do
Here’s what we’d recommend for home users:
- Power-cycle. Couldn’t hurt–turn your router off, then back on. Doesn’t matter how: switch (if it has one), pull either end of the power cord, or use the switch on the power strip it’s plugged into. Anything untoward in the router’s memory will go away, and this process won’t effect normal operation. [NOTE: internet access will be gone for some minutes, and you may need to restart any computers or devices which use it to properly re-establish a connection.]
- Router Update. If there is an update for your router, by all means apply it (or have it done–by us? 😇). It will most likely address security issues. However–like cell phones–manufacturers only supply updates for a couple of years.
- Run a Test. Various websites attempt to check your router’s behavior, and warn you of any suspicious behavior or vulnerabilities. A couple reasonable choices: F-Secure Router Checker (they may be busy, so check back) and Tenta privacy test (amazing what the internet knows about your equipment!). For more info and suggestions, check routersecurity.org.
- Updates. If you have let any updates go for awhile–catch up. You may have noticed Windows 10 does MAJOR updates every few months, and other system slowness is often them doing other unannounced work. Likewise, let Java, Acrobat, and Flash (if you still have it) update–just be sure to uncheck any boxes where they offer to add other stuff.
- Anti-virus. Don’t assume “name” equals quality. Frankly, we’ve given up on McAfee and Norton products years ago; they slow things down without being any more effective. Windows comes with an anti-virus behind the scenes, or free versions of something like Avira work fine. We like the free version of Malwarebytes as an on-demand “second opinion” to check out systems.
Certainly this is a good excuse to take inventory. If you have a router over a few years old you should be thinking about a replacement. A lot has changed since the days of our ol’ warhorse Linksys routers. Most of us now use whatever gear our internet provider gives us (which is a modem plus a router), so there’s not much we can do–except re-negotiate our contract, if possible, and ask to update equipment. However, if you have additional old wifi boxes to cover other parts of the house–check them out, they could be targets of a router hack.
If you’re noticing slow internet and/or computer response, there are more possible causes than ever these days–besides foreign hacks. Usually, it’s because something unwanted and unnoticed is running, “stealing” a percentage of your computing power.
By all means, keep an eye on updates. Scan for “malware” (any unwanted, resource-stealing programs) periodically.
If you can get by without an old router, by all means turn it off so it can’t hurt you. If you have any early internet cameras, turn them off also; we found out the hard way that they are security sieves.
The computer industry has set themselves up for such messes by only minimally thinking through subjects like security and privacy in their rush to pop out new products. Of course, being a somewhat naive and optimistic lot, the industry never contemplated so many disaffected sorts on the other side of the world would devote so much time to devilry.
We’ll update this as more information comes in.