What to Do if Your Router Has Been Compromisedby Andy Walton
A compromised router is a major security concern, potentially leading to identity theft or financial loss. Attackers use vulnerable routers to get inside a network's firewall, enabling them to view sensitive information such as credit card details and other private documents. If your router is compromised, your first concern is to remove the attacker from your network. Then, you can focus on improving your network's overall security.
Disconnect your router from your Internet connection as soon as you notice that the device has been compromised. This cuts external attackers off by preventing any traffic entering or leaving the network. However, this does not affect attackers who are logged directly into your wireless. Some routers allow you to remove individual clients from a network through their menu system. If yours does, use this option to remove any computer you do not recognize.
Reset Your Router
Next, perform a factory reset on the router to return it to its original state and wipe any custom configuration. This serves to disconnect all clients from your wireless network, as it changes the encryption key used back to its default value. It also undoes any router configuration changes that your attackers may have made, so you know your device is in a safe-to-use state without having to go through all your settings manually to ensure they are still correct.
Change Your Passwords
After your router is reset to a factory default state, it is imperative you change both the wireless password and the configuration password for the device itself. Most routers use a standard configuration password by default, with these passwords widely available online. If you do not change this password, your attacker could regain access to your device. Changing your wireless password helps to ensure that the attacker cannot reconnect to your Wi-Fi network.
Secure Your Network
With the attacker removed from your network and your passwords changed, you can focus on ensuring the attack does not happen again. One way to do this is to turn on Media Access Control filtering, which limits network access to specific devices. You could also install network-monitoring software such as Spiceworks or PTRG, which scans your network for unexpected users. In addition, consider turning off wireless broadcasts. This means that only users who enter your exact wireless network name into their devices can connect to the network.
- photo_camera Sean Gallup/Getty Images News/Getty Images