If your home router has been “hacked”, I’d suggest the following:
- Change your routers password. The attacker more than likely gained access to your device by being in close proximity of your router and cracking your password. The likelihood of this attack method increases significantly if your router is using WPA, WPS, or is still using the default password.
- Disable remote management of your router (if currently enabled). Most home users of routers simply don’t need to manage their router from anywhere in the world. It’s often times a better practice to require physical access to make changes to networking devices anyway. By disabling remote management, the attacker needs to still be on your network to access your router. This adds an additional layer of security to your device.
- Monitor your devices for any changes such as new connections, changed settings, etc… So after changing your password and disabling remote management if applicable, you should start to scan your router for unauthorized changes. Has a new device connected to your network, was new firmware installed on your device, did you disable something that is now enabled? If things are “magically” changing behind the scene there’s a good chance that your device is still compromised.
- Install the latest firmware for your router. Just like computers, your router needs to be updated every so often to protect it from being compromised by malicious individuals. Over the last several weeks, security researchers have discovered a previously unknown vulnerability now known as KrØØk which is associated with wireless devices that have a Wi-Fi chip manufactured by Broadcom or Cypress. This vulnerability allows an attacker to decrypt wireless network packets sent by a vulnerable device (router, smartphone, anything that communicates with the internet basically…). This allows the attacker the ability to intercept your wireless communications and view data that is being transferred by your wireless device. Vendors have already developed a patch to address this vulnerability so all you need to do is install it!
- The nuclear option. If all else fails and no matter what you do your router is still getting pwned, you can put the router in a microwave, set the timer to let’s say 1–2mins, and then replace said router (and probably microwave) with a new one.
*Note, it’s possible that your router is fine but your wireless password has been compromised and the attacker is sowing fear, uncertainty, and doubt on your local network. Changing your wireless password and patching the targeted systems is your best bet in most cases.
Let us know if you have any questions or comments regarding securing your router or information security in general!