If you can read this, you have access to a router. Maybe it’s at home, but most of our readers are in small to mid-sized businesses, and all of them use routers. In a rare event, the FBI last week told Americans to “reboot” their routers. It showed up everywhere, including in the NY Times, and Fortune, and Forbes, and even PCWorld and Slate. I was asked about it by colleagues, friends, and baristas. It really is that big of a deal.
See, routers are not the simple pieces of hardware they used to be. Nearly all have at least some built-in persistent memory and are capable of things like logging, Virtual Private Networking (“VPN”), port forwarding, etc. This makes their corruption by bad actors particularly bad: a “hack” can silently redirect all of your traffic (logins, passwords, files, and so on) through a server the attacker controls, where it can be captured and parsed for later use. Encrypted (HTTPS) connections are harder to read, but a compromised router sits in exactly the right position to redirect, downgrade or tamper with them.
The best explanation I found of the imminent threat last week was at digitaltrends. The FBI’s target is a three-stage malware (dubbed “VPNFilter”): stage 1 alters the router’s persistent storage so that it survives a reboot and keeps reaching out to a command server for the stage 2 and stage 3 components, which do the actual damage but live only in memory. The FBI disrupted the operation by seizing the domain that handed out those later stages, but many routers had already downloaded them. Rebooting purges the in-memory stages; stage 1 remains, but with its command domain seized it is cut off from new instructions, and its attempts to call home help the FBI identify infected devices.
Malware can affect a solid-state device like a router on three levels. It can live only in transient memory (RAM), which is wiped when the device is rebooted. It can rewrite part of the persistent storage that survives a reboot (configuration, startup scripts and the like). Especially bad malware can replace the operating system (“firmware”) of the device so that it not only hands control to a bad actor but also fools the device into believing it is up to date, so that a normal update never overwrites the malicious firmware. A simple unplug and restart (usually with a few minutes off) eliminates the first type. The second type generally requires a factory reset or a firmware update, followed by changing the administrator password and turning off remote management so the same door is not used again. The third may require actively forcing the device to reinstall its firmware from the manufacturer’s download, even though the device reports it is up to date. In the case at hand, a reboot clears the later stages but not the persistent first stage, so rebooting is a first step, not a cure. AT A MINIMUM every router (and NAS, or Network Attached Storage device) in the country should be powered down and restarted after a few minutes. Personally, I updated (including forcibly) all three of the routers at my house this week.
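The “calling home” behavior described above is also how an infected device can be spotted: a persistently infected router keeps looking up its command domain even after the domain has been seized. Below is an added example (my own illustration, not code from the article, the FBI or any router vendor) that scans DNS query logs for lookups of indicator domains and reports which addresses made them. The log lines are constructed in dnsmasq’s query-log format, the indicator domains are hypothetical placeholders rather than the real ones from the case, and 192.168.1.1 is assumed to be the router’s own LAN address. A lookup that comes from the router itself rather than from a PC is the telling sign, because this malware runs on the router, not on the computers behind it.

```python
import re
from typing import Dict, Iterable, Optional, Set, Tuple

# Hypothetical indicator domains used for this illustration. They are NOT the
# domains from the 2018 case; substitute the ones your vendor or the FBI publishes.
INDICATOR_DOMAINS: Set[str] = {"c2.example.net", "stage2.example.org"}

# Constructed sample lines in dnsmasq's "log-queries" format (not a real capture).
# 192.168.1.1 is assumed to be the router's own LAN address.
SAMPLE_LOG = """\
May 28 10:01:02 dnsmasq[1234]: query[A] www.digitaltrends.com from 192.168.1.20
May 28 10:01:05 dnsmasq[1234]: query[A] c2.example.net from 192.168.1.1
May 28 10:01:09 dnsmasq[1234]: query[AAAA] mail.example.com from 192.168.1.33
May 28 10:02:41 dnsmasq[1234]: query[A] update.stage2.example.org. from 192.168.1.1
May 28 10:03:00 dnsmasq[1234]: reply www.digitaltrends.com is 93.184.216.34
May 28 10:04:17 dnsmasq[1234]: query[A] C2.example.net from 192.168.1.50
May 28 10:05:00 dnsmasq[1234]: query[A] notc2.example.net from 192.168.1.20
"""

# Matches the query lines only; "reply", "cached" and other dnsmasq lines are skipped.
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)")


def parse_query(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (query_type, domain, source_ip) for a query line, or None otherwise.

    The domain is lower-cased and stripped of a trailing dot so that
    "C2.example.net." and "c2.example.net" compare equal.
    """
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("qtype"), m.group("name").lower().rstrip("."), m.group("src")


def matches_indicator(domain: str, indicators: Set[str]) -> Optional[str]:
    """Return the indicator that `domain` equals or is a subdomain of, else None.

    Walks the labels right-to-left so "update.stage2.example.org" matches the
    indicator "stage2.example.org", while "notc2.example.net" does not match
    "c2.example.net" (label boundaries are respected, not plain substrings).
    """
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def find_suspect_hosts(lines: Iterable[str], indicators: Set[str]) -> Dict[str, Set[str]]:
    """Map each matched indicator domain to the set of source IPs that looked it up."""
    hits: Dict[str, Set[str]] = {}
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        _qtype, domain, src = parsed
        indicator = matches_indicator(domain, indicators)
        if indicator is not None:
            hits.setdefault(indicator, set()).add(src)
    return hits


def router_itself_flagged(hits: Dict[str, Set[str]], router_ip: str) -> bool:
    """True when the router's own address queried an indicator: the malware is on the router."""
    return any(router_ip in sources for sources in hits.values())


if __name__ == "__main__":
    ROUTER_IP = "192.168.1.1"  # assumed router address for the constructed log
    results = find_suspect_hosts(SAMPLE_LOG.splitlines(), INDICATOR_DOMAINS)
    for indicator, sources in sorted(results.items()):
        print(f"{indicator}: queried by {', '.join(sorted(sources))}")
    if router_itself_flagged(results, ROUTER_IP):
        print(f"WARNING: the router at {ROUTER_IP} is calling home; reboot, then reset and update it.")
```

Run it as is to see the report, or feed your resolver’s log lines to `find_suspect_hosts`. One caveat: a compromised router cannot be trusted to log its own behavior honestly, so where possible take the queries from an upstream resolver or a firewall in front of the router rather than from the router’s own dnsmasq.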
A few months ago we did an article about spear phishing and data privacy breaches. If you’re not willing to reboot your router, look that article up and keep our number handy. You might need it…
If you have questions about this article, please contact Dov Szego at 804-377-1263 or firstname.lastname@example.org or Steve Setliff at 804-377-1261 or email@example.com.