Router warning: Check if yours is susceptible to this hack

Your router is the key to home internet. All other devices must connect to the router for Wi-Fi, which is why you must ensure all security protocols are in place. Hackers who breach your router can cause serious problems.

The gateway to valuable information is a lucrative prospect for any cybercriminal, and a group is now using a new malware variant to conduct their crimes.

Read on to see how this malware works and how to protect your router.

Here’s the backstory

Last year, security researchers at Fortinet found malware in Hikvision security cameras. Hackers used Mirai malware to launch strategically distributed denial of service (DDoS) attacks. These attacks flood a network, crippling it under the pressure of multiple data requests.

However, the malware has gone through an update, and researchers at Palo Alto Networks' Unit 42 spotted the latest version at work. A blog post explains that the MooBot variant specifically targets D-Link routers and exploits these vulnerabilities:

  • HNAP SOAPAction Header Command Execution Vulnerability.
  • SOAP Interface Remote Code Execution Vulnerability.
  • Remote Command Execution Vulnerability (two versions).

The end goal of the hackers is the same as before: to incorporate as many routers as possible into a massive DDoS attack. While the criminals aren’t necessarily after your private data, a compromised router can give them a glimpse into valuable information.

What you can do about it

Unit 42 alerted D-Link to the flaws through the responsible disclosure of vulnerabilities. As a result, the company has rolled out several security patches to correct the mistakes, but some users might still have unpatched routers.

Affected D-Link routers include:

  • D-Link Wireless N Home Router with SmartBeam technology (DIR-645).
  • Wireless AC1900 Dual-Band Gigabit Cloud Router (DIR-880L).
  • D-Link Wireless AC1200 Dual-Band Gigabit Cloud Router (DIR-860L).
  • Wireless AC1000 Home Cloud Dual-Band Broadband Router (DIR-820L).
  • D-Link Wireless AC750 Dual-Band Cloud Router (DIR-816L).

If you have any D-Link routers, you must update the firmware ASAP. Unfortunately, the vulnerabilities also affect several routers that have reached end-of-life support, so no patches are available for them. You can find a list of all the retired routers on D-Link’s site.

Here’s how to update your router’s firmware:

  • Go to D-Link’s Support website.
  • Enter your router’s model number in the search box. (NOTE: You can find your model number printed on the bottom of your router.)
  • Click on the router that you have.
  • Under the Downloads tab, find the latest firmware version, click Download and save the file to your desktop.
  • Then, log in to your router through a browser. The address is usually http://dlinkrouter, http://dlinkrouter.local, or http://192.168.0.1.
  • Enter your admin user name and password, and click Manual Setup.
  • Click on the Maintenance tab at the top of the page and then click Firmware Update from the menu on the left-hand side.
  • Under Firmware Update, click the Browse button and locate the downloaded firmware file you saved to your desktop.
  • Finally, click on Upload to upgrade the firmware.

Keep in mind that it should take a couple of seconds for the firmware to install and that your router probably needs a restart afterward.
