The FBI says you should reboot your router. Should you?
 

Not sure if anyone posted this yet. I saw it the other day.


The FBI says you should reboot your router. Should you?

Can such a simple step thwart Russian hackers? Here's everything you need to know.

Last Friday, the FBI issued a report recommending that everyone reboot their routers. The reason? "Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide."

That's a pretty alarming PSA, but also a somewhat vague one. How do you know if your router is infected? What can you do to keep malware away from it? And, perhaps most important of all, can a simple reboot really eliminate the threat?

What's the threat?

The FBI's recommendation comes on the heels of a newly discovered malware threat called VPNFilter, which has infected over half a million routers and network devices, according to researchers from Cisco's Talos Intelligence Group.

VPNFilter is "able to render small office and home office routers inoperable," the FBI stated. "The malware can potentially also collect information passing through the router."

Who distributed VPNFilter, and to what end? The Justice Department believes that Russian hackers, working under the name Sofacy Group, was using the malware to control infected devices.

How do you know if you're infected?

Unfortunately, there's no easy way to tell if your router has been compromised by VPNFilter. The FBI notes only that "the malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer."

Those manufacturers are as follows: Linksys, Mikrotik, Netgear, QNAP and TP-Link. However, Cisco's report states that only a small number of models -- just over a dozen in total -- from those manufacturers are known to have been affected by the malware, and they're mostly older ones:

Linksys: E1200, E2500, WRVS4400N

Mikrotik: 1016, 1036, 1072

Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000

QNAP: TS251, S439 Pro, other QNAP NAS devices running QTS software

TP-Link: R600VPN

Consequently, there's a fairly small chance you're operating an infected router. Of course, you can never be too careful, so let's talk about ways to fix the problem and, hopefully, avoid it going forward.

Will a reboot really work?

It definitely can't hurt. Rebooting -- or power-cycling -- your router is a harmless procedure, and in fact is often among the first troubleshooting steps when you're having network or connectivity issues. If you've ever been on a tech-support call because of an internet problem, you've probably been advised to do exactly that.

However, according this Krebs on Security post, which cites the aforementioned Cisco report, rebooting alone won't do the trick: "Part of the code used by VPNFilter can still persist until the affected device is reset to its factory-default settings."

So is it possible the FBI misinterpreted the "reset" recommendation as "reboot"? Perhaps, but the bottom line is that a factory-reset is the only sure-fire way to purge VPNFilter from a router.

The good news: It's a pretty easy process, usually requiring little more than holding down a reset button on the router itself. The bad news: It's a pain in the butt because when it's done, you'll have to reconfigure all your network settings. Check your model's instruction manual for help with both steps.

What other steps should you take?

We reached out to a couple of the aforementioned manufacturers to solicit their advice for combating VPNFilter. Linksys responded first, noting that VPNFilter is "proliferating itself using known vulnerabilities in older versions of router firmware (that customers haven't updated) as well as utilizing common default credentials."

Their advice: Apply the latest firmware (something that happens automatically in Linksys' newer routers) and then perform a factory reset. Linksys also recommends changing the password.

That's our advice as well. By keeping your router patched with the latest firmware and using a unique password (rather than the one provided out of the box), you should be able to keep ahead of VPNFilter and other kinds of router-targeting malware.

First published, May 29 at 11:33 a.m. PT.

Update, May 30 at 8:27 a.m. PT: According to the FBI's PSA regarding VPNFilter, the reboot recommendation is not intended to remove the malware, but rather to "temporarily disrupt [it] and aid the potential identification of infected devices." In other words, the FBI is enlisting you in a search-and-destroy operation. Needless to say, we recommend the aforementioned firmware update and factory reset if you own one of the affected router models.

Yes, because everyone knows that rebooting anything will remove any and all spyware. This is the FBI trying to make themselves feel important and scare everyone with a big bad Russia story before the IG report drops.

updating to new firmware and changing up passwords now and then is never a bad idea though

DD-WRT you dozy op.

Thought this was fake, but its true!

https://www.justice.gov/opa/pr/justi...otnet-infected

Regardless, it's always a good idea to reboot your router once in a while. Your router can run low on resources like its on-board memmory, so rebooting it can give you a nice speed boost.

A few other tips: Update its firmware, make sure you're using the best security it has, use a nice long password, and turn off its SSID.

Many embedded devices boot from ROM (flash) and then run a memory based file system, so it's not unusual for some of the less sophisticated IoT worms to vanish when you reboot. It's pretty pointless advising to reboot, if they do actually mean a reboot, since the device will have exactly the same vulnerable firmware, and is likely to be reinfected by another device almost immediately.

Factory reset may not fix it, either.

Unless of course the new firmware is already hacked, or someone is stood behind you watching over your shoulder as you change your password... :2 cents:

Most retarded thing i have heard. This shows you the people who run the show really think the general public are total fucking morons.

...but its true too. I know a few people who call their ISP's to complain about slow speed other other problems without even once checking their routers, or rebooting them.

Check this out:

Here where I live, Bell installed nice, 5GHz Wifi Routers in everyone's homes with a 1gb/s fiber optic connection, but they assigned the same SSID to both the 5Ghz and the 2.4 GHz portions of their routers. Even though people were paying for a 1gb/s transfer speed, most of the time their devices were only giving them an average speed of about 90mb/s because they were connected to the 2.4 Ghz channels and didn't know it.

Reboot is the last step to install the NSA spyware on your router .... Please do it asap ...

:1orglaugh:thumbsup:1orglaugh

I saw it on the news, then got email about it. I’d not post unless I knew it was real.

We get free Internet with our HOA service, and our local Facebook group every day has people complaining about their Internet. And every day the first response will be "Did you reboot your router?" and of course the answer is no.

Link: :1orglaugh
https://www.cnet.com/how-to/the-fbi-...you-explainer/

Yes they are locking Hillary up any day now!

5Ghz is not inherently faster than 2.4Ghz. Having one single SSID is a good practice to allow your devices to choose whichever is stronger (and roam between them in the case of mobile devices).

:1orglaugh :1orglaugh :thumbsup


we reboot our router once a week or every couple of weeks. It only takes a moment and is good for the system, like a laptop.

What shitty routers are you guys using that you have to regularly reboot them?

A small chance your router got infected? LOL That list is basically EVERY known router used so....there's a 99.8% chance your router is fucked. LOL

MAGA!!

Not sure that reboot or restore or something else will helps

Fortunately the secret services of the US itself aren't listening in to any of us and isn't the world biggest perpetrator!


Oh wait...