Two Sneaky Flaws That Could Be Causing Your Router To Expose Your Data

On May 3rd Dansan-made GPON Home Routers were found to contain two flaws that expose them to outside breaches according to Netlab, a Chinese network security division. The attack affected 240,000 owners of the 9 year-old Dasan routers. Keep reading to find out how to beef up your router’s security.

The flaws were an authentication bypass (CVE-2018-10561) and a remote code execution vulnerability (CVE-2018-10562), which combined open the door for hackers to take control of a router to execute code on a device. Compromised routers have thus far largely been used to mine cryptocurrencies.

Since news of this breach broke several botnets set out to compromise these vulnerable routers and their linked ISPs. The security firm to initially flag this attack has released a patch antidote here for those affected.  

Your router is the link between your local network and the world, so even if you aren’t implicated in this attack you should follow these tips to keep your connection secure.

How to beef up router security:

  • Change your network name from the default set service identifier (don’t you want to be the punny person in your neighbourhood?)
  • Configure the settings of your router to change the administrator username and password– this is typically done through a website portal of the router’s brand
  • Enable MAC address filtering so you have control over which devices are connected to your local WiFi network
  • Inquire if your router can undergo firmware updates
  • Ensure your devices are protected in real-time with McAfee, this solution will alert you if you’re surfing a network that might be compromised. Plus it can be used on up to five devices including your smartphone
  • Run a FixMeStick scan once a month to complement your antivirus software.  FixMeStick combines three antivirus engines and runs while your operating system is off so it can track and remove the most elusive threats

Subscribe to our newsletter on the right to get the latest threat alerts sent to your inbox.