Skip to Main Content
Have you updated your router today? - VPNFilter

Have you updated your router today?

There is more to an update than just the operating system and the apps on your device. Don’t forget about the router that is relaying data to and from the device in front of you – and its potential vulnerability to the VPNFilter malware.

Your router is not invulnerable

We typically think of a router as a slightly advanced network switch – power it up, plug in the computer wires, and do the bare minimum so we can get on with our lives. This approach is a problem – as the expanding scope of the VPNFilter router malware is showing. Yes, the bad guys have figured out how to get into over half a million routers and manipulate them – potentially reading messages, altering information, attacking devices behind the router, and even turning the device into a useless brick. That is just the start of the bad news.

You haven’t heard the end of this

Reports about VPNFilter are getting worse over time. Initial reports were that this was limited to 0.5 million devices. Since then, the list of vulnerable devices has been greatly expanded along with an initial accounting of the potential damage. As of mid-June, the list of companies producing the vulnerable goods includes ASUS, D-Link, Huawei, Lynksys, MikroTik, Netgear, TP-Link, QNAP storage kit, Ubiquiti, UPVEL, and ZTE. Most of the vulnerable routers are in the SOHO segment (small home-office network devices) however, the list is expanding down into consumer territory.

As this list of vulnerable devices keeps expanding, it is really up to you as the router owner to physically crawl under your desk, check the device make and model, and use your web browser to find out about your current device situation.

Issues in a nutshell

VPNFilter is believed to have quietly existed for two years undercover, before jumping into the media this spring with the FBI announcement about the takedown. There also is no mysterious new zero-day exploit connected with VPNFilter. Instead, the hackers are believed to have used several known vulnerabilities to work their ways into the infected routers.

It is believed to have been developed by APT28 also known as Fancy Bear and Sofacy Group – the Russian state-linked group which has also been accused of messing around in the US Presidential elections and distributing ransomware.

The initial recommendation from the FBI was to turn vulnerable routers off and on, temporarily removing the second stage of the malware and prompting the first stage to call the command &control centers for directions – enabling security researchers to learn more about the malware structure.

You are never out of the woods

There are two primary issues to keep in mind with VPNFilter and your router.

First, there is no single smoking gun or zero-day router vulnerability behind this. It seems that the hackers have cobbled together several existing vulnerabilities to do their nasty deeds. There is no one-point solution either. Say goodbye to certainty.

Second, your whole network is at risk. VPNFilter’s capability to pass additional malware on to the other devices in your network and to degrade communications down to unencrypted status means that all devices and activity on the network is at risk of being hacked and manipulated.

Here’s your router ‘To Do’ list

Here are four basic steps to enhancing your router security in this post VPNFilter world:

  1. Reboot – Turn it off (and on again). Go take a walk and smell the roses.
  2. Check the list. If your device is on this list (look way down at the bottom), think about doing a factory reset and reentering your network details.
  3. Check your router for firmware updates. Why be vulnerable?
  4. Use the opportunity. Think of VPNFilter as a good housekeeping moment. Have you changed the router login details since you first took it out of the box? Are your passwords more complex than Admin123? And while you are at it, check for open router ports. No sense in leaving an open window for a hacker to slide through.


This post is also available in: FrenchItalian

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.