Yes! Like any other computer that can receive data and updates from outside, a wireless router can get infected with a virus. “Wait, What? The router is not a computer!” – you say. Are you sure? Even though they are a piece of networking equipment, routers are computers, too. Very specialized computers, but still computers nonetheless. They have their CPU, motherboard, memory, and usually a Linux-based operating system.
This choice of having a Linux-based operating system (or a dedicated OS written from scratch) makes them less likely to be infected by a computer virus than they would be running Windows. Still, there are viruses written and designed specifically for the routers and their operating systems.
So, sit back, relax, and let us explain how a Wi-Fi router can get infected, how to know if this happened, how to take care of it, and how to prevent it from happening again. Let’s take it from the top.
CONTENTS
Why Would Anyone Infect a Router With a Computer Virus?
As you probably know, a computer virus is a specialized, malicious code or a program. Its creator designed it specifically to infiltrate itself into a system and perform a set of tasks programmed by the hacker. Those tasks may vary from data collecting to redirecting traffic or even pure destruction of the infected router and every connected computer.
So, why pick the router as a target? It is somewhat obvious. The router is a junction point for all the data coming from and to a specific network. By infecting it, hackers can either use the router as a stepping stone to infect all the computers connected to it or place a virtual fishing net for all valuable information and credentials users send through that network. In any case, a router is a high-value target for hackers.
How Can a Router Get Infected?
Routers have pretty good security nowadays. They are designed with a ton of built-in options and settings made to prevent hackers from penetrating the network or infecting the router with malicious software. On the other hand, they are also designed to make the setup process as easy as possible, allowing users with even the most basic knowledge to set up the wireless network. And, this simplicity is their most significant vulnerability.
Manufacturers print the default IP address and administrator username and password on every router they make. Experienced users will use that information to set up the network, then change both username and password to keep the router and network safe.
However, many people are less experienced and won’t pay much attention to security. Therefore, they will leave the default credentials as they are, without changing anything. And hackers just love that.
For example, the default IP address for routers made by TP-Link is 192.168.0.1, and both username and password are admin. The Default IP for routers made by NETGEAR will be either 192.168.1.1 or 192.168.0.1. The username is admin, and the password will be either nothing or password. And that will stay the same for every single router made by those manufacturers.
Other brands will use similar IP addresses and credentials, and they are all publicly available and easy to find. See why this presents a security problem?
How to Change Your Router’s Username/Password (NETGEAR Router)
Even when you change the IP address, administrator username, and create a strong password, some router’s features can diminish all your efforts. A great example of such a feature is WPS or Wi-FI Protected Setup. Cisco developed the WPS to simplify the process of connecting different devices to the router over Wi-Fi. You press the WPS button, enter an eight-digit PIN code, and you’re connected to the router. Neat, right? Well, not so much.
Having an eight-digit PIN code as a password is a simple and effective way to connect to the network, but it is also making the router quite vulnerable to brute force attacks.
A brute force attack is a hacker attack where he submits many different combinations of letters and numbers to get the right one. If your password is made of just eight digits between 00000000 and 99999999, that makes the job a lot quicker and easier than trying to guess something like **ex4Mpl3.passw0rD**.
Once they crack the password, hackers can upload a virus or tweak the router’s settings as they see fit.
What Kinds of Router Viruses Exist?
There are many router viruses today, but one of the best-known and notorious one is VPNFilter.
VPNFilter uses a three-stage attack, and it is believed to have been developed by a Russian group of hackers called “Fancy Bear.” This virus infected over 500 000 routers worldwide, but it is thought that the initial attack was aimed at the Ukrainian networks.
This virus can embed itself into the router’s firmware, making it very difficult to delete. The hackers used it to collect and relay sensitive and valuable data such as credit card information, credentials, and other sensitive information.
Recommended reading:
- How Far Apart Can Google Wi-Fi Points Be?
- Can Wi-Fi Owner See What Sites I Visited Incognito?
- Can Someone on the Same Wi-Fi See Your History?
Other viruses are not as hard to deal with, but they can be anywhere from annoying to harmful. More than a few will trick the user into installing the app on the android phone or other device, then connect to the router.
Once connected, the virus will change the DNS settings and redirect all the traffic to the servers controlled by the hackers to try to snatch the credit card information or credentials from unsuspecting users. One way or the other, hackers are usually after some monetizable information.
How Can You Know if the Router Has the Virus?
Will you tell whether your router is infected or not depends mainly on the virus and how hard the hackers will try to hide its activity. That being said, there are a few tell-tell signs that can alert you that something is wrong or off.
- It is a red flag if your browser starts redirecting you to a different website than the one you wanted to visit.
- If the website you’re visiting looks slightly off and the lock icon in the address bar is unlocked, it is a red flag.
- If you start noticing programs and applications you didn’t install yourself, it is a red flag.
- If your DNS server changes for no good reason, it is a red flag.
- If some of the sites and services become unavailable due to the change of password without your doing, you have definitely been hacked.
How Can You Disinfect Your Router?
The good news is, it is not that hard to get rid of the viruses if they infect the router. Most of them will be deleted when you restore the router to the factory settings. VPNFilter, being a persistent one, will also require a firmware update to be flushed out of the system.
How Can You Save the Router From Future Infections?
The first rule of security is – don’t leave the door open. To apply this rule to the world of routers and home networks – don’t leave the default security settings on your router.
- As soon as you set up the router, change the default IP address, administrator username, and password.
- Avoid using features like WPS.
- Get antivirus programs for all your devices and scan them regularly.
- If your router has a built-in VPN, set it up.
Summary
Routers are, essentially, highly specialized computers. And, as any computer with an operating system and data connection to the outside world, they can be infected with viruses.
Hackers will try to control your router to obtain sensitive information like passwords, credit card credentials, or even turn your computer into a cryptocurrency mining machine on their behalf.
Most attacks happen because users don’t pay much attention to security and leave their routers unprotected or protected with the default username and password.
There are a few signs that you might be a victim of a computer virus. For example, if your browser starts misbehaving and redirecting you to a different website than the one you are trying to reach. Or, there is no SSL certificate on Paypal’s website or other financial services (unlocked icon in the left corner of the address bar). In some cases, the virus will install apps on your devices or allow the hacker to change the passwords for your sites and services.
If you notice any of those signs, scan for viruses, restore your router to the factory settings, update firmware, and change usernames and passwords to the most substantial level you can create. Additionally, start using VPN.
Hey, I’m Jeremy Clifford. I hold a bachelor’s degree in information systems, and I’m a certified network specialist. I worked for several internet providers in LA, San Francisco, Sacramento, and Seattle over the past 21 years.
I worked as a customer service operator, field technician, network engineer, and network specialist. During my career in networking, I’ve come across numerous modems, gateways, routers, and other networking hardware. I’ve installed network equipment, fixed it, designed and administrated networks, etc.
Networking is my passion, and I’m eager to share everything I know with you. On this website, you can read my modem and router reviews, as well as various how-to guides designed to help you solve your network problems. I want to liberate you from the fear that most users feel when they have to deal with modem and router settings.
My favorite free-time activities are gaming, movie-watching, and cooking. I also enjoy fishing, although I’m not good at it. What I’m good at is annoying David when we are fishing together. Apparently, you’re not supposed to talk or laugh while fishing – it scares the fishes.
