Home Routers Under Attack by NSA-Spawned Malware: What to D

tomsguide.com ^ | 11/29/2018 | Marshall Honorof · Editor

[BenLurkin]

What you should do is factory-reset your router, disable UPnP, then check for firmware updates, since some companies have patched the vulnerability out. This won’t fix any other compromised systems, but it’s a necessary first step.

After that, you can factory-reset any other internet-connected device that you’re concerned about. You might also want to just buy a new router, as recent models do not appear to be susceptible to this type of attack.

This information comes from a blog post entitled "UPnProxy: EternalSilence" penned by researchers at Cambridge, Massachusetts-based data management firm Akamai.

Cybercriminals have learned how to take advantage of the UPnP protocols on older routers and get past the routers to directly attack Windows PCs on home and small-business networks. Akamai has dubbed this flaw “UPnProxy.” The most recent slew of attacks comes from an exploit that Akamai calls “EternalSilence” in a nod to the NSA-developed “Eternal” family of malicious code injections.

The bottom line is clear enough: Your router is the gateway to every connected device in your home, from your computer, to your phone, to your smart TV, to your smart light bulbs. If your router has been compromised, it’s possible that every other device in your home has followed suit.

Unfortunately, checking to see if you’ve been infected is hard, as antivirus software doesn’t normally scan routers. (A few products have begun to do so.) If malware makes it as far as your computer or game console, though, it’ll be easier to notice.

Dozens of routers could fall prey to this scheme, including models from Asus, D-Link and Netgear. The majority of models listed, though, are business-oriented devices that are popular in Europe and Asia, such as those from Axler, EFM, Netis and Ubiquiti.

[bitt]

thanks for the link!!!

great pages..

[TChad]

My Netgear router is 3 or so years old, so I guess it’s vulnerable.

It has been possible to disable UPnP in Netgear routers for a lot longer than three years. Whoever set up the router may have already done it. I always do.

[dayglored]

Might just be your router's default setting.

My router is a Frontier Comms DSL modem/wireless combo, on which UPnP has always been disabled, and the only open inbound ports are for ping (which my ISP uses to diagnose problems so I don't mind that).

"Stealth mode" was not enabled, but I've now enabled it. Normally if a router is contacted on a closed port, it responds saying it's closed. Stealth mode changes that response behavior to silence -- it appears as if the router doesn't exist.

FWIW, enabling stealth mode shouldn't make any functional difference other than you might disappoint the random scans done by the hackers and spammers.

[Salamander]

Mine is one of the Netgears that looks like a stealth fighter jet, with antennas.

I have no idea what I’m doing.

:)

[TChad]

Mine is one of the Netgears that looks like a stealth fighter jet, with antennas.

Sounds like some version of a Nighthawk router.

The easy part is step 2, disabling your UPnP, which goes something like this IF it is one of the listed routers:

https://kb.netgear.com/24306/How-do-I-enable-Universal-Plug-and-Play-on-my-Nighthawk-router

The hard part is step 1, configuring your router to reconnect to your ISP and your devices after you reset it, erasing your router passwords and special settings. Actually, it's not usually hard to do, it just takes time to explain.

[Salamander]

Yeah, that’s the name of it.

It I disable that, my network cams won’t work, I don’t think.

[martin_fierro]

Bfl

[TChad]

It I disable that, my network cams won’t work, I don’t think.

If that's the way they were set up, you are right. If you wanted to spend the time, you could probably configure their connections manually after disabling UPnP in both the router and the cameras.

Here's something you can do that requires little time, and that can greatly enhance your router security. Just update the router firmware:

https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-firmware-using-the-Check-button-in-the-router-s-web-interface

While a firmware update is very likely to work without problems, there is always a remote chance that it will screw something up. If that happens you can reset the router to factory defaults, or install a previous version of the firmware.

You may have to reconnect your devices after the update, since internet access will be briefly interrupted.

Good luck.

[zeugma]

Thanks for posting this. It got me off my ass and made me do a firmware upgrade of my router. Loading firmware on a router is always scary, because there is always a possibility you end up with a brick, but it worked fine, and the new firmware has lots of new features, which I'm going to have to talk about with one of the network gurus that I work with about. Last time I looked, which was some time ago, there wasn't an upgrade available. Now there is. Also took the opportunity to tighten up security a bit.

[mabarker1]

Just hook up a Fence Charger to the antenna, Kitty will get the point. 😇

/sarc