Based on experts who sell electronics, the security of consumer router is fairly bad. Attackers take advantage of the general careless manufacturing of suppliers and target copious amounts of routers.
If you think your router is compromised, read on so you’ll know what to do.
Malware Attack
Attackers typically aim to change the setting of the DNS server on your router to let the malware
in. When this attempt comes to fruition, the toxic DNS server directs you to a phishing site
instead of a valid website.
The toxic DNS server doesn’t automatically answer all queries. The malware may simply time out on many requests and then reroute queries to the default DNS server of your ISP.
Uncommonly slow DNS requests can be an indicator that your router has an infection.Furthermore, attackers can also instantly insert ads, reroute servers, or try to inject malicious downloads. They can hook requests to various scripts used by major websites and reroute them to a web server with an ad-infected script. For instance, if you see porn ads on a legitimate
website like the New York Times, you are most likely attacked by a malware, either on your PC or your router.
Several router strikes take advantage of cross-site request forgery attacks. The malware embeds a nasty JavaScript onto a page, the same script will then try to load the web-based administration page of the router and change its settings. As the script runs on a gadget connected to your local network, the malicious code can easily connect to the interface that is only accessible in your network.
Security Check
The main identifying sign that a router has been affected is the change in its DNS server. You need to check out the web-based interface of your router and have a look at its DNS server
settings. To do this, simply:
Access the web-based setup page of your router. Look at the gateway address of your network connection to find out how.
Log in using the username and password you’ve setup on your router.
Search for the “DNS” setting. Look at the WAN setting screen or the Internet Connection settings.
If the setup is fixed to “Automatic,” you’re in good hands. If it’s fixed to “Manual” and you find custom DNS servers inserted there, that may well be an issue.
If you find DNS servers there that you are not familiar with, that is a sure sign that a malware has altered your router to attack DNS servers. If uncertain, conduct an internet search for the DNS server addresses and verify if they are legitimate or not.
Tech professionals recommend checking this setting occasionally to determine whether your router has been affected or not.
Security Fix
If you have a malicious DNS server, it is possible to disable it and setup your router to make use of the automatic DNS server from your internet provider. You may also type in the addresses of legitimate DNS servers such as Google DNS. Alternatively, you can just wipe out the settings of your router and do a factory reset.
