How to lock down a frequently overlooked security risk.–PC Pitstop
Lock Down Your WiFi Router
by Bob Rankin
While we’ve been focusing on the security of our desktop PCs, laptops, and mobile devices, malware-manufacturing miscreants have been exploiting the most overlooked computer in most homes and businesses: the router. Here’s what you need to know…
Is Your Router Secure?
For those who have high-speed Internet, the router is the little box that connects your home or office to the Internet. And they are the latest target of the online criminal classes.
A legion of hacked consumer-grade routers were used to launch distributed denial-of-service (DDoS) attacks that brought Sony and Microsoft gaming networks to a halt over the last holiday season.
And now, according to researchers at the Fujitsu Security Operations Center, hundreds of hacked routers are being used to distribute malware that steals login credentials by redirecting browsers to rogue websites that imitate financial institutions.
Lock Down Your Router
A router can be compromised by changing its settings. For instance, substituting a hacker’s rogue DNS server address for that of a legitimate DNS server would redirect browser requests to a fake website. But a router can also be remotely reprogrammed with firmware that includes malware and instructions for distributing it, turning the router into a slave in a botnet.
It’s unsettling that the researchers are not sure how bad guys are gaining control of routers. They speculate that users are to blame for not changing the factory default administrator login credentials when they set up their routers. Most often, the default credentials are published online; always, they’re simple and easily guessed. But I can’t lay all the blame on users.