Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Duck, cover, and reboot your router? Why the FBI’s new warning is no joke

Casezy/Getty Images

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Last week, the FBI released a statement that shocked many — reset your home or office router immediately upon threat of cyberattack. To throw some additional urgency to the matter, the threat was traced back directly to a group connected to the Russian government.

It sounds like an easy fix for a major threat, but is resetting your router really going to prevent a major cyberattack?

Does rebooting really help?

Vulnerabilities in routers can be a huge problem, but rebooting the router flushes the short-term memory, and most attacks with it. However, there’s reason to think the recent scare won’t be so easy to solve.

Bitdefender Senior E-threat Analyst, Liviu Arsene. Bitdefender

According to the FBI, a specific kind of malware called VPNFilter was used, which infected the firmware of routers across the world. The FBI’s statement didn’t much detail as to whether this multi-stage malware might survive the suggested reboot, and that raised the alert of the cybersecurity expert we spoke to.

“Until now, we haven’t seen malware on IoT that could survive the reboot,” said Liviu Arsene, senior analyst at BitDefender. “If this malware survives the reboot, it’s a pretty big deal.”

The malware exists in three stages, the second and third of which aren’t persistent — meaning a reboot will mitigate the problem. The problem is the initial stage.

“They do say that the main purpose of stage one is to gain a persistent foothold in enabling the deployment of malware,” Arsene said. “The FBI did say that you need to reboot your devices to flush out any connection. But they did not say if the firmware is effective or if after rebooting, you’re vulnerable or not. They didn’t say if the malware survives and attempts to dial back home.”

The piece of hostile code allows the hackers to automate and control physical systems.

A follow-up statement from the Justice Department provided some clarity, saying that a reboot would eliminate second-stage malware and cause first-stage “to call out for instructions.” The statement continued, saying that while devices will remain vulnerable to reinfection, “these efforts maximize opportunities to identify and remediate the infection worldwide.”

Because it’s unknown how the routers were even infected to begin with, it’s also unknown whether a reboot or factory reset would do the trick. If VPNFilter turns out to exist beyond a reboot, this is a breed of malware that we haven’t seen before — and one that will be much more difficult to stamp out.

Why is VPNFilter so serious?

There’s another reason why VPNFilter is serious enough to merit an FBI warning.

Stuxnet: Anatomy of a Computer Virus

“The big deal is that for the code these analysts found in VPNFilter have overlapped with some other threats that was used a couple of years ago in Ukraine with the cyberattack that took down their power grid,” said Arsene. “Once you see that, it’s usually a pretty good sign that that botnet is going to be used. When you compare that with the code that was previously used to attack Ukraine, the most obvious conclusion is that they’re gonna use this botnet to attack some other critical infrastructure.”

The cyberattack on the Ukraine in December of 2016 wasn’t a great disaster. The power went out for around an hour at midnight in the capital city of Kiev. By morning, most people hadn’t noticed it occurred.

“Router companies need to pay more attention to the security aspects of their firmware.”

Upon digging into the incident, however, researchers discovered a more frightening potential under the surface. Security firms ESET and Dragos Inc. concluded the hackers were only testing their possibly world-shaking malware. The piece of hostile code used allows hackers to automate and control physical systems (such as the power grid). That’s not good.

The same code was also famously used in Stuxnet, a worm which is believed to have damaged Iranian nuclear systems around 2010. The prospect of that code appearing in an attack on 500,000 routers is troubling to anyone worried about cybersecurity. That’s likely why the FBI went public with its findings.

How can you secure your router?

“Router companies need to pay more attention to the security aspects of their firmware,” said Arsene. “This is not the first time we’ve seen routers with backdoors, with vulnerabilities, or open Telnets ports that are accessible from anywhere you are on the internet.”

Router companies don’t have the best reputation for cybersecurity. Many leave firmware updates up to the individual user, and router security isn’t easy to understand. “Whenever someone buys a router or any other IoT device they simply plug it into their network,” Arsene said. “They don’t usually take time to change default extensions. Whenever you have a router with default credentials connecting to the internet, you’re kind of asking for it. Security should start with your router.”

What is Bitdefender BOX?

BitDefender has a new product called Box that gives you a clear view of all of the smart devices in your network — and where the vulnerabilities are. While it’s a good solution for the tech-savvy among us, the average person doesn’t care enough about personal cybersecurity to invest in such a product. Arsene insisted that the largest vulnerability is the lack of awareness among the average person.

“People usually enable remote management so that they can dial in from work or from wherever you are. It is a big issue, especially if the router has hard-coded credentials or default passwords. You should disable remote access if you don’t use it. You should disable telnet if you don’t use it. You should disable SSH if you don’t use it. You should update the firmware as often possible and change default credentials. But how many people do that? Outside of tech savvy people, it doesn’t happen. My parents don’t do it.”

Now you know. Router security isn’t fun – but if it’s serious enough for the FBI to issue warnings, it’s serious enough to be worth your time.

Editors' Recommendations

Luke Larsen
Senior Editor, Computing
Luke Larsen is the Computing Editor at Digital Trends and manages all content covering laptops, monitors, PC hardware, and…
I put the RTX 4060 Ti up against the RX 6700 XT — and there’s a surprising winner
RX 6700 XT graphics card installed in computer.

You generally expect that a new generation of graphics cards will outperform the previous generation, but we're in a precarious spot this time around. Nvidia's recent RTX 4060 Ti hasn't been met with a warm reception, and cheaper last-gen options like the RX 6700 XT have looked increasingly attractive as their prices come down.

I threw both cards on my test bench to see which is the better one to buy, and there's a clear winner. There are some important considerations to keep in mind before picking up either GPU, though.
Where's the value?

Read more
These ingenious ideas could help make AI a little less evil
profile of head on computer chip artificial intelligence

Right now, there’s plenty of hand-wringing over the damage artificial intelligence (AI) can do. To offset that, Firefox maker Mozilla set out to encourage more accountable use of AI with its Responsible AI Challenge, and the recently announced winners of the contest show that the AI-infused future doesn’t have to be all doom and gloom.

The first prize of $50,000 went to Sanative AI, which “provides anti-AI watermarks to protect images and artwork from being used as training data” for the kind of large-language models that power AI tools like ChatGPT. There has been much consternation from photographers and artists over their work being used to train AI without permission, something Sanative AI could help to remedy.

Read more
Off to college? Acer just slashed the price of this Chromebook to $200
The Acer Chromebook 314 at a side angle.

Chromebook deals are a special bunch of great value options a lot of the time. We've spotted a particularly great one over at Acer. Right now, you can buy the Acer Chromebook 314 for $200 saving you $100 off the regular price of $300. Even better, if you use the code GRADS10 at checkout, you save an extra 10% so the Chromebook cost just $180. If previous laptop deals have been too pricey for you, this could be the one you've been waiting for. It has all the essentials you need from a Chromebook and even sports a full HD screen. Here's what else you need to know about it.

Why you should buy the Acer Chromebook 314
Acer is one of the best laptop brands for affordable computing, thanks to it knowing how to get the most from a tight budget. The Acer Chromebook 314 has all you could need in this price range. It offers an Intel Celeron N4020 processor along with 4GB of memory and 64GB of eMMC storage. If this system were running Windows 11, it'd be very sluggish but when running Chrome OS, it performs well.

Read more