Your network router might be at risk of a malicious cyber attack.
And, listen, we get it: It’s 2020 and virtually every headline and lede you read is going to contain some degree of hyperbole to try and get you to not just click, but stick around to read the entire story. We’re guilty of that here, to some extent — but this isn’t that big of an overstatement. Let us say it again: Your — yes, your — network router might be at risk of a malicious cyber attack.
Cybersecurity researcher Samy Kamkar has developed a JavaScript exploit — dubbed NAT Slipstreaming — capable of tricking a majority of consumer and small-business routers into opening ports not designed to be opened. You can read the full report here, but unless you’re versed in the world of cybersecurity and its endless acronyms, you might need somebody (us) to do you a solid: The attack essentially allows hackers to render your router’s firewall useless, granting them access to any of the network-related services (or devices) within the confines of your home or business.
Before you gloss over that last sentence, consider what “network-related services” you have in your life (AKA in your home). Like your smart speaker… your smart locks… your web-connected security cameras… your smart garage opener… your smart oven (do these need to exist?)... your computer.
The scary part? You don’t have to do much to be on the wrong end of the attack. Opening a webpage that features the script is enough for the attack to infiltrate your network. You’d never even know it.
Here’s a TL;DR version of how it goes down:
User visits website with JavaScript hack.
User’s web browser executes said JavaScript code without the user’s knowledge.
The code embeds itself into website traffic that makes its way from the web server into the victim’s browser.
This changes the port the attacker is able to access on the victim’s network.
Tears; so many tears.
The scarier part? This has the potential to impact a good portion of consumer routers… many of which are old enough to be neglected by manufacturers who aren’t likely to patch anything but their current crop of networking devices.
The good news is there are a few things you can do to try and protect yourself as much as possible. We’ll detail a few below.
Disable ALG
Kamkar says users can protect themselves by disabling their router’s Application Layer Gateway (ALG) service, a feature found in many commercial routers that’s been criticized by numerous security experts in the past. This may be simple enough for most, but some businesses that use VoIP could run into some issues.
Disabling ALG will vary from manufacturer to manufacturer, but VoIP specialist Nextiva provides a solid rundown on how to disable that service across a number of the most popular brands. You can find that information here.
Update your Firmware: The Easy Way
You may also consider updating your router’s firmware (assuming you’re not using an outdated model that’s bound to be ignored by manufacturers in the same way you’re pretending cardio doesn’t exist and calories don’t count during quarantine).
This first way is relatively simple, and may not even need to be spelled out when considering the sort of users these network devices are typically designed for.
Many modern routing devices will often be paired with a mobile application that will allow you to configure your device to your preferences. These interfaces should also include a section that will allow you to manually update your router’s firmware (while we’re here, perhaps see if you can enable automatic updates).
We can’t give you exact instructions without seeing the interface itself, but you’ll likely find yourself digging through the application’s settings menu to find that your device is either up to date, or in need of a firmware patch.
Update your Firmware: The Less Easy Way
So you bought a router that doesn’t come with an app. Big mistake, but certainly not the end of the world.
The first thing you’ll need to do is launch a web browser on your computer (or phone) and navigate to your device’s IP address. The specific IP address will depend on the manufacturer, but chances are it’s probably something like 192.168.XXXXXX. Do a quick search after identifying your make and model; you shouldn’t have too much trouble finding information on how to access it.
From there, you’ll be asked for a username and password. This, in all likelihood, will not be the same username and password that you use to access your internet provider account. In fact, assuming you’ve never accessed this page before, you may be able to log in using the default credentials. Many routers are designed to revert to the default credentials after a manual reset, so consider giving that a try if you’ve already created and forgotten the personalized credentials like so many of us tend to do.
Again, it’s impossible to give you exact instructions with all the routers out in the wild, but you should be able to find information regarding your router’s firmware (and an update) without having to do too much digging.
You may also be required to visit your manufacturer’s website to find the firmware download file. We trust you can take it from there.
That said, there’s no guarantee that your manufacturer will go out of its way to patch this vulnerability. At least not yet. Updating your router’s firmware is almost always a great idea, but don’t consider yourself bulletproof if you do happen to see an available update for your device.