can be compromised
if they have a weak or default password which attackers can easily guess or break using a dictionary attack
or brute force attack
. Malware which can modify routers are rare and may require the router to be a specific make, model and firmware revision. The most common was the DNSChanger Trojan
which compromised the router's weak default password using brute-force attacks. The Trojan then changed the router's DNS table to malicious DNS servers...redirecting Domain Name resolutions to unsolicited, illegal and malicious sites the attacker wanted victims to access.
How DNS Changer Trojans Direct Users to ThreatsMillions Of Home Routers Vulnerable To Web HackMalware Silently Alters Wireless Router Settings
...Some DNS changer Trojans can alter routers' DNS settings via brute-force attacks. As a result, all systems connected to the "infected" router also become infected. Some DNS changer Trojans can also be used to set up rogue Dynamic Host Configuration Protocol (DHCP) servers on certain networks, which can have the same effect.
Some routers have known vulnerabilities which can be exploited
to open them up to attacks without needing to know the proper password. There have been various reports of vulnerabilities and attacks against hardware devices such as routers and data storage. For example, Ars Technica reported that ASUS routers
and any storage devices attached to them may be exposed to anyone online without the need of login credentials if users have taken advantage of remote access features built into the routers. Linksys routers
have been reported to be vulnerable to a simple exploit that could give an attacker remote access to the router.Related ResourcesBest Practice
1. Keep up to date with all security information related to your router.
2. Always reset your default router password with a strong password?
Consult these links to find out the default username and password for your router
, and write down that information so it is available when doing the reset:
These are general instructions for how to reset a router
For more specific information on your particular model, check the owner's manual. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.
- Unplug or turn off your DSL/cable modem.
- Locate the router's reset button.
- Press, and hold, the Reset button down for 30 seconds.
- Wait for the Power, WLAN and Internet light to turn on (On the router).
- Plug in or turn on your modem (if it is separate from the router).
- Open your web browser to see if you have an Internet connection.
- If you don't have an Internet connection you may need to restart your computer.