This means that the router has been hacked and the DNS settings have been modified to serve hacked contents to a cyberthief. This is a pretty serious situation. When hackers exploit router vulnerabilities, gain access to it, and modify the DNS servers settings, all your Internet traffic can be forwarded to rogue servers. This is called a man-in-the-middle attack.
The DNS or Domain Name System, is the “phone book” of the Internet, and an IP address is what’s listed in the book. DNS names computers, services, or any resource connected to the Internet or a private network. It translates easily memorized domain names, for instance, www.example.com, to the unique numerical IP addresses needed to locate the service worldwide.
What happens when your router is hacked?
Instead of connecting to a clean site or service, when your router is hacked, you’ll visit a rogue and hacked one. It’s obvious that your privacy will be violated, and your banking information could be captured - by the man-in-the-middle mentioned above. Even the usually secure SSL, the HTTPS protocol we have all been instructed to look for to indicate a secure site, won’t assure you’re protected. Instead, you’ll be proxied through malicious servers and the encrypted connection is cut in the middle. This illustration shows what happens.
This could also happen if your router is set to default/weak/factory password. So, the worst scenario of hacking is not that uncommon. See the latest news about webcams being hacked because of the owner's using default passwords. Vincent Steckler, CEO of Avast, told VentureBeat that consumers are notorious for not updating default passwords, just as I'm talking about here. Some 63 percent of wireless routers run with default passwords, says Steckler.
The problem goes further than just one user or one device. The malicious effects can spread to all users in the local network, regardless of the operating system used.
How to protect ourselves against this plague?
First, scan your home network with Avast Home Network Security to verify if your device is compromised. If Avast alerts you, it’s already too late. You’ve already been compromised. You need to manually check the DNS servers in the router configuration.
By default, your router uses DNS servers automatically acquired from your Internet provider. All the devices on your network — PCs, smartphones, tablets, game consoles, and anything else connected to the network — get their DNS server from the router. You can change the DNS server on your router, therefore changing every other device on your network.
There are several good articles on the Internet about changing your DNS. Here’s one from howtogeek.com.
You also need to pay attention to your browser address bar. The HTTPS indicator should be there all the time. If it comes and goes, you may have already been compromised. In these cases, or for any other strange symptom you could be experiencing: Disable your Internet connection immediately and change the router username and password to unique ones (consult the router manual for instructions).
But, be warned, neither of these will be enough because if the router is vulnerable, it will take the attacker no time to change the settings back. Updating the router firmware or even changing it completely – as described in previous article – will be necessary.