Home Routers and DNS Attack Vectors

Malware is constantly evolving to become better, stronger, and faster. It is not limited to personal computers, either: it can spread throughout networks and to networking devices as well. Zero-days appear on everything from IoT and mobile devices to powerful commercial-grade routers; yet somehow, many of us (including vendors themselves) seem to take security on our home networking devices for granted.

Creating strong SSID credentials is a good first step, but in the end it will only prevent some attacks. Home routers face a multitude of threats, and one in particular can easily go undetected and doesn’t need to crack your SSID to wreak havoc. It affects routers in a way that many users may not initially notice: their DNS is hijacked.

DNS hijacking can occur through malicious downloads, code that has been injected into a legitimate website, or even malicious advertisements (malvertising). If the DNS settings on a home router have been manipulated, attackers have the ability to redirect web traffic, strip SSL, prevent software updates, carry out man-in-the-middle attacks, steal sensitive information, and more. Even worse, users may be fooled into entering sensitive information into forms on what they believe are trusted websites.

Just as you strengthen your SSID credentials, you should also update your router’s admin login credentials. These are a separate set of credentials from your SSID, and it’s important to ensure that both have been changed, as these attacks rely upon these settings being left untouched. After all, there are lists of default router credentials all over the internet, so it isn’t exactly rocket science for an attacker to gain admin access to your device. Herein lies a part of the problem.

To safeguard against these types of attacks, check your manufacturer’s documentation on how to access the DNS configuration panel within your home router. Once you’ve gained access to the panel, it is likely that, unless DNS has been manually configured, the DNS fields will be empty and the servers provided automatically. If you see an entry you don’t recognize, conduct some research on the IP. If you still feel as if something may be awry, run a scan on your computer(s), restore your router to factory defaults, or kill it with fire.

The following preventative measures can also be useful. First, ensure your firmware is up-to-date. Upon login, many control panels will alert the user to the fact that their device is in need of an update. Also, ensure this panel is not easily accessible from outside your network. If outside access is necessary, ensure that communications are encrypted. Most users do not need it, however, and it should be disabled in most cases.

If possible, regular panel logins/checks could be useful for the prevention of malicious DNS and other router-based attack vectors. As with most other security measures, vigilance and preventative action are key because, in the end, anyone can fall victim to these types of attacks.
