Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Duck, cover, and reboot your router? Why the FBI’s new warning is no joke

Casezy/Getty Images

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Last week, the FBI released a statement that shocked many — reset your home or office router immediately upon threat of cyberattack. To throw some additional urgency to the matter, the threat was traced back directly to a group connected to the Russian government.

It sounds like an easy fix for a major threat, but is resetting your router really going to prevent a major cyberattack?

Does rebooting really help?

Vulnerabilities in routers can be a huge problem, but rebooting the router flushes the short-term memory, and most attacks with it. However, there’s reason to think the recent scare won’t be so easy to solve.

Bitdefender Senior E-threat Analyst, Liviu Arsene. Bitdefender

According to the FBI, a specific kind of malware called VPNFilter was used, which infected the firmware of routers across the world. The FBI’s statement didn’t much detail as to whether this multi-stage malware might survive the suggested reboot, and that raised the alert of the cybersecurity expert we spoke to.

“Until now, we haven’t seen malware on IoT that could survive the reboot,” said Liviu Arsene, senior analyst at BitDefender. “If this malware survives the reboot, it’s a pretty big deal.”

The malware exists in three stages, the second and third of which aren’t persistent — meaning a reboot will mitigate the problem. The problem is the initial stage.

“They do say that the main purpose of stage one is to gain a persistent foothold in enabling the deployment of malware,” Arsene said. “The FBI did say that you need to reboot your devices to flush out any connection. But they did not say if the firmware is effective or if after rebooting, you’re vulnerable or not. They didn’t say if the malware survives and attempts to dial back home.”

The piece of hostile code allows the hackers to automate and control physical systems.

A follow-up statement from the Justice Department provided some clarity, saying that a reboot would eliminate second-stage malware and cause first-stage “to call out for instructions.” The statement continued, saying that while devices will remain vulnerable to reinfection, “these efforts maximize opportunities to identify and remediate the infection worldwide.”

Because it’s unknown how the routers were even infected to begin with, it’s also unknown whether a reboot or factory reset would do the trick. If VPNFilter turns out to exist beyond a reboot, this is a breed of malware that we haven’t seen before — and one that will be much more difficult to stamp out.

Why is VPNFilter so serious?

There’s another reason why VPNFilter is serious enough to merit an FBI warning.

Stuxnet: Anatomy of a Computer Virus

“The big deal is that for the code these analysts found in VPNFilter have overlapped with some other threats that was used a couple of years ago in Ukraine with the cyberattack that took down their power grid,” said Arsene. “Once you see that, it’s usually a pretty good sign that that botnet is going to be used. When you compare that with the code that was previously used to attack Ukraine, the most obvious conclusion is that they’re gonna use this botnet to attack some other critical infrastructure.”

The cyberattack on the Ukraine in December of 2016 wasn’t a great disaster. The power went out for around an hour at midnight in the capital city of Kiev. By morning, most people hadn’t noticed it occurred.

“Router companies need to pay more attention to the security aspects of their firmware.”

Upon digging into the incident, however, researchers discovered a more frightening potential under the surface. Security firms ESET and Dragos Inc. concluded the hackers were only testing their possibly world-shaking malware. The piece of hostile code used allows hackers to automate and control physical systems (such as the power grid). That’s not good.

The same code was also famously used in Stuxnet, a worm which is believed to have damaged Iranian nuclear systems around 2010. The prospect of that code appearing in an attack on 500,000 routers is troubling to anyone worried about cybersecurity. That’s likely why the FBI went public with its findings.

How can you secure your router?

“Router companies need to pay more attention to the security aspects of their firmware,” said Arsene. “This is not the first time we’ve seen routers with backdoors, with vulnerabilities, or open Telnets ports that are accessible from anywhere you are on the internet.”

Router companies don’t have the best reputation for cybersecurity. Many leave firmware updates up to the individual user, and router security isn’t easy to understand. “Whenever someone buys a router or any other IoT device they simply plug it into their network,” Arsene said. “They don’t usually take time to change default extensions. Whenever you have a router with default credentials connecting to the internet, you’re kind of asking for it. Security should start with your router.”

What is Bitdefender BOX?

BitDefender has a new product called Box that gives you a clear view of all of the smart devices in your network — and where the vulnerabilities are. While it’s a good solution for the tech-savvy among us, the average person doesn’t care enough about personal cybersecurity to invest in such a product. Arsene insisted that the largest vulnerability is the lack of awareness among the average person.

“People usually enable remote management so that they can dial in from work or from wherever you are. It is a big issue, especially if the router has hard-coded credentials or default passwords. You should disable remote access if you don’t use it. You should disable telnet if you don’t use it. You should disable SSH if you don’t use it. You should update the firmware as often possible and change default credentials. But how many people do that? Outside of tech savvy people, it doesn’t happen. My parents don’t do it.”

Now you know. Router security isn’t fun – but if it’s serious enough for the FBI to issue warnings, it’s serious enough to be worth your time.

Editors' Recommendations

Luke Larsen
Senior Editor, Computing
Luke Larsen is the Senior editor of computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Best color laser printers for 2024: tested and reviewed
A Brother printer on a counter in front of a brick wall.

The best color laser printers can be a great investment, saving you quite a bit of time and money. For shoppers worried about the long-term ink costs, you'll find color laser printers surprisingly affordable. Laser printers use toner, which lasts a very long time, delivering a low cost per page for monochrome documents and fast color prints. The best color laser printers offer quick performance and reliability to help keep your home office or small business productive.

If you need to scan documents for record-keeping and photo capture or want the convenience of a color copier, an all-in-one color laser printer is an essential tool for your small business or personal use. For a small added cost, you get expanded capabilities. That's why every model on this list is an all-in-one from the best printer brands.

Read more
The 5 best Wi-Fi adapters for PC in 2024
The Ugreen AC1300 Wi-Fi adapter in a desktop PC.

Whether you're designing it yourself or getting a pre-built PC, it can be easy to get a computer and realize that it doesn't have a native Wi-Fi adapter. Or, maybe it does, but you're internet speeds are getting faster, game downloads are getting bigger, you've already upgraded your router and need an adapter to match your newfound power requirements. No matter the situation, an external Wi-Fi adapter that you can add to your PC setup or even laptop setup will be worth your time. Here, we investigate the best Wi-Fi adapters for PC use. Most are incredibly affordable and just snap into a free USB port and start working.
The best Wi-Fi adapter for PC in 2024

Buy the

Read more
How to pin a website to the taskbar in Windows
A man sits, using a laptop running the Windows 11 operating system.

Windows includes many interesting tools, but if you’re like many people, more and more of your digital life is happening in your web browser and nowhere else. That being the case, you’ll want to keep your most important websites close at hand. The easiest way to access them in Windows is the Start menu and the taskbar, treating them more or less like programs in and of themselves.

Although easy overall, getting a website from your browser to your taskbar is slightly different depending on which browser you’re using.

Read more