FBI Router Reboot Recommendation
FBI Router Reboot Recommendation
By: Chuck Davis
@ckdiii
www.ckd3.com
As I am sure you have heard, the FBI is recommending that anyone with a home router or small office router, reboot them. If you are not familiar with this FBI recommendation, then there are a few links at the end, to get you up to speed.
The reason for the FBI's reboot recommendation is that a piece of malware, named VPNFilter, has infected hundreds of thousands of routers all across the Internet. Rebooting an infected router forces the malware to reload which will initiate an attempted connection to malware command and control (C&C) servers. The FBI has already taken control over some, if not all of the C&C servers so the reloading of the malware will do two things.
It will flush it from actively running on your router.
When an infected router tries to connect to the C&C servers (taken over by the FBI) it will let the FBI know which, and how many systems are infected.
An alternative and possibly better solution, is to reset your router to factory defaults, then set it up again as if it was new. This is usually accomplished by pushing a button on the router with a paperclip. Check your router documentation to learn how to do this.
ROUTER SET UP STEPS
Be sure you do the following things when you set up any small office/home office (SOHO) router.
Change the default administration password to something long and strong. A passphrase or sentence e.g. "My passphrase is 100x better than yours!" (Yes, you can likely use spaces in your passphrase)
Change the default SSID. You don’t need to make it difficult, just make it unique. Hackers love default values so make sure you change it. Something like changing “Netgear” to “StreetNet100” Stay away from a name that identifies you.
Change the default wifi password. This is the password that devices need to know to join your wireless network.
Use WPA2. WPA2 is the standard for encrypting WiFi connections. Never use "no encryption", WEP or WPA
Upgrade your router firmware!!!
Turn off remote administration. You likely do not need to log into your router from the Internet, so turn it off.
Turn of WI-FI Protected Setup (WPS). This makes it push-button easy to add devices to your wifi router. It’s also super easy to hack!
DNS: If you are feeling bold and ambitious, you can change the DNS that your router uses (and the devices that connect to it) to something that adds some security features. By default, your router will use your ISP’s DNS. However, you can change it to anything you want. I would recommend 9.9.9.9 because it filters out know malware servers, and/or 1.1.1.1 and 1.0.0.1 which is fast, and promotes privacy. (links below to learn more)
Disable Universal Plug and Play (UPnP) unless you know you need it but in any case, make sure it is not accessible from the Internet.
Once you are done with all of this. Run the ShieldsUp! tool to see if your router looks to be vulnerable from the outside. https://www.grc.com/shieldsup
BONUS TIP: For those of you who are a bit more adventurous and/or paranoid, you might try the three router configuration for your home network. This is where you put two routers behind your main router. One is for IoT devices and the other is for your computers, phones, backup drives, etc. This architecture creates network segmentation between the IoT devices and the devices that hold your data.
If you are in the market for a new router, I would recommend the Amplifi router for most people. https://amplifi.com/
References:
https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html
https://www.pcmag.com/news/361373/malware-that-can-brick-wi-fi-routers-hits-500-000-devices