You Need to Lock Down Your Router's Remote Management Settings
We’ve talked about this before, but let’s say it again: unless you are using a mesh router setup, which usually ties its configuration to an easy-to-use app and/or service, you don’t need to enable remote management on your router. The feature sounds great on paper (who wouldn’t want to access their router’s configuration from afar?), but it actually creates far more potential for harm than good.
And let’s be honest. Most people don’t do anything with their routers after they’ve set them up other than cursing and turning them off and on when their Wi-Fi seems slow. (At the very least, you should check for new router firmware once a month or so, but that’s a story for another time.)
I highly doubt you need to connect to your router’s settings when you are not at home, and remote management opens up a lot of security issues on your device. Consider the latest security warnings from BitDefender. Attackers are allegedly using brute-force methods to guess their way into less secure routers with remote management enabled, as well as routers with any cloud configuration option. Once they are in, they change the router’s DNS settings to redirect users’ web requests to malware.
As BitDefender describes:
Interestingly, by changing the DNS settings on the router, users would truly believe they were on a legitimate web page, except that it is served from a different IP address. For example, when users enter “example.com”, instead of serving a web page from a legitimate IP address, it will be served from an attacker-controlled IP address that is resolved through malicious DNS settings. If a web page controlled by an attacker is an accurate facsimile, users will truly believe they have arrived at a legitimate web page based on the domain name in the browser’s address bar.
Once redirected, users are shown a pop-up asking them to install an app for new information about (you guessed it) the coronavirus. And once they have done that, they end up installing a utility called Oski on their systems, which extracts and sends data such as browser credentials, saved sessions, and saved passwords.
The best way to avoid this kind of malware is with a two-part approach. First, disable remote management on your router. It’s usually buried in some sort of advanced setup menu if it exists, so you’ll have to dig a little to find it (or find specific instructions for your router). And if you can’t find it, but you know that your router configuration is tied to some account (e.g. a Linksys cloud service), then you should make sure you have a strong password for that account, one that you do not use for other accounts or services.
It’s that simple. And it makes sense. Your router should never use simple default logins for anything, even for its web interface (if applicable). For starters, this means no admin / password combinations, and if you absolutely need to give yourself the ability to connect to the router from anywhere in the world, you need to keep the door in good shape and lock it with a strong password. You would do the same for your laptop or smartphone; why not the device that controls everything on your network?
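One way to check a home network for the DNS change described above, as an added example that is not from the original article or from BitDefender: it flags configured resolvers outside an expected list, and names whose answers from the local resolver share no address with answers from a resolver you trust. The expected-resolver list, names and addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real observations).
RESOLV_CONF = """\
# constructed resolv.conf from a LAN client
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53
"""
# Assumption: the router itself plus the ISP's resolver range are legitimate.
EXPECTED_RESOLVERS = ["192.168.1.1/32", "198.51.100.0/24"]
# Answers collected through the router vs. through a resolver you trust.
LOCAL_ANSWERS = {"example.com": {"203.0.113.80"},
                 "example.org": {"198.51.100.7"}}
TRUSTED_ANSWERS = {"example.com": {"192.0.2.10"},
                   "example.org": {"198.51.100.7", "198.51.100.8"}}


def parse_nameservers(text):
    """Return the nameserver IPs listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # not a parseable IP literal; skipped
    return servers


def unexpected_resolvers(servers, expected):
    """Return configured resolvers that fall outside every expected network."""
    allowed = [ipaddress.ip_network(e, strict=False) for e in expected]
    return [s for s in servers if not any(s in net for net in allowed)]


def diverging_names(local, trusted):
    """Names whose local answers share no address with the trusted answers."""
    return sorted(n for n in local
                  if n in trusted and not (local[n] & trusted[n]))


if __name__ == "__main__":
    rogue = unexpected_resolvers(parse_nameservers(RESOLV_CONF), EXPECTED_RESOLVERS)
    print("unexpected resolvers:", [str(r) for r in rogue])
    print("diverging names:", diverging_names(LOCAL_ANSWERS, TRUSTED_ANSWERS))
```

Disjoint answers are a reason to look at the router's DNS settings rather than proof of tampering, since large sites legitimately return different addresses to different resolvers.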