You Need To Lock Down Your Router’s Remote Management Options

You Need To Lock Down Your Router’s Remote Management Options
Photo: <a href="https://www.shutterstock.com/image-photo/view-back-wireless-router-on-white-1677209692">Shutterstock</a>

We’ve said it before, but we’ll say it again: Unless you’re using a mesh router setup, which typically ties its configuration to an easy-to-use app and/or service, there’s no need for you to enable remote management on your router. The setting sounds great on paper—who wouldn’t want to access their router’s configuration from afar?—but it actually opens you up to a lot more potential harm than good.

And let’s be honest. Most people don’t do anything with their routers once they’ve set them up, aside from cursing at them and power cycling them when their wifi feels slow. (You should at least be checking for new router firmware once a month or so, but that’s another story for another time.)

I highly doubt you’ll need to tap into your router’s settings when you aren’t at home, and remote management opens your device up to plenty of security issues. Consider the latest security warnings from BitDefender. Attackers are allegedly using brute-force techniques to guess their way into less-secure routers with Remote Management enabled—as well, router with any kind of cloud configuration option. Once they’ve done that, they’re messing with the router’s DNS settings to redirect users’ web requests to malware.

As BitDefender describes:

What’s interesting is that, by changing the DNS settings on the router, users would actually believe they’ve landed on a legitimate webpage, except that it’s served from a different IP address. For example, when users type “example.com”, instead of the webpage being served from a legitimate IP address, it would be served from an attacker-controlled IP that’s resolved by the malicious DNS settings. If the attacker-controlled webpage is a spot-on facsimile, users would actually believe they’ve landed on a legitimate webpage, judging from the domain name in the browser’s address bar.

Once redirected, users are shown a pop-up that asks them to install an app to obtain new information about—you guessed it—the coronavirus. And once they’ve done that, they end up installing a utility called Oski on their systems that extracts and ships off data like browser credentials, stored sessions, and saved passwords.

Screenshot: BitDefender

The best way to avoid malware like this is a twofold approach. First, turn off remote management on your router. It’s typically buried in some kind of advanced settings menu, if it exists, so you’ll have to do a bit of digging to find it (or look up specific instructions for your router). And if you can’t find it, but you know your router’s configuration is tied to some kind of an account (like Linksys’ cloud service, for example), then you should make sure you have a strong password for that account that you don’t use for other accounts or services.

It’s as easy as that. And it makes total sense. Your router should never default to using simple logins for anything, even its web-based UI (if applicable). That means no “admin/password” combinations, for starters, and if you absolutely must give yourself an opportunity to dial back into your router from anywhere in the world, you need to keep the door nice and locked with a strong password. You’d do just as much for your laptop or smartphone; why not the device that manages everything in your network?

Log in to comment on this story!