Nicole Zheng

FBI router reboot warning: what to do now [quick guide]

You may have heard about the FBI router reboot warning. Yes, it's a big deal, and it's still an active threat as I write this. 

As Minim is focused on securing and managing networks, here's a quick breakdown of the concern and what you can do.

What is the FBI router reboot warning?

Last week, Cisco researchers alerted the public about VPNFilter, malware that has infected over 500,000 routers and network-attached storage devices. The router brands known to be vulnerable are: Linksys, MikroTik, Netgear, and TP-Link. On May 25, 2018, the FBI issued a public service announcement about this malware, created by an international bad actor. 

What is the concern?

The malware is capable of all sorts of bad things as outlined by Cisco's research group, Talos Intelligence. The first "stage" ensures that it can persist, even through a router reboot. The second "stage," which cannot persist through a reboot, is capable of functions such as: collecting files, executing commands, managing devices, and self-destructing (rendering the infected device and/or any devices in its control inoperable). 

There are two big concerns to consider:

  • VPNFilter threatens your home's privacy and security. There are numerous ways the infected router could lead to identity theft, unwelcome surveillance, and other threats. 
  • VPNFilter lays the foundation for a large-scale attack, a potential threat to public wellbeing. We've discussed the Mirai botnet attack of 2016, which took down a huge swath of the Internet; imagine these tactics applied to public infrastructure with Internet-connected components: water systems, public transportation, electric grids, hospitals...

Has this been taken care of?

The short answer is no. The FBI identified the suspected international group responsible and seized their backup and control systems. This group has been referred to as APT28, Fancy Bear, and Sofacy Group and is the same group also suspected to have executed election meddling attacks. Even if this stops the group from infecting more routers, the 500,000 infected routers need to be addressed.

What can I do?

Per the FBI's warning, it is recommended that you:

  • Reboot your router
  • Consider disabling remote management of your router (or ensure you have a very secure password)
  • Ensure your router is updated to the latest available firmware.  

This is suggested even if you do not have one of the brands listed above. The logic here is that if your router has been infected, a reboot will stop VPNFilter's stage 2 actions (discussed above) from executing. And, assuming the FBI has put a stop to the bad actor, the actions will not be re-initiated.

For Minim customers - This is all quite easy. Minim prevents these sorts of attacks, ensures your router firmware is up-to-date, sets a secure password, and alerts you in the case of an infection. If you'd like to reboot your router, you can do that in our mobile app (just select Reboot my Router). 

For others - Here are some steps you can take in response to the VPNFilter warning:

  • Reboot: Unplug the router, wait 60 seconds, and plug it back in. 
  • Password, firmware upgrades, and disabling remote access: If you have a router that you purchased, independent of a service provider, you'll need to follow your router manufacturer's instructions, which you can Google (sorry, but it'll depend on your router model!) or get by contacting your manufacturer. If you are using a router from your service provider, you can contact them with questions. If you are simply at a loss, I recommend contacting an IT consultant, e.g. Best Buy's Geek Squad.

Is rebooting my router enough? 

We don't think so. In the words of our CEO on the topic of home router security, the router reboot measure is akin to closing your front door without locking it.

For infected routers, this reboot will stop VPNFilter's stage 2 and later functions from executing. But stage 1 could persist, and should the bad actor keep going, you still have a problem.

For uninfected routers, should the bad actor keep going, your network is still vulnerable. Should another bad actor pop up, your network is still vulnerable. 

That's why at Minim, we're working hard on home network management and security software for routers. We give homes and service providers easy visibility and control, alerting them when there's an issue. Minim is currently available through partner Internet Service Providers and router manufacturers, but you can request beta access here.  
