Avast Academy Security Hacking How to Protect Yourself Against Router Hacking

How to Protect Yourself Against Router Hacking

Internet security is about more than protecting your computer and phone. Just as those devices can get hacked, so too can your Wi-Fi router at home. Router hacks can happen to anyone — learn to spot signs of router hacking, how to fix a hacked router, and how an advanced, comprehensive security tool like Avast One, with a built-in behavior shield, can help you fight against a hacker’s favorite tricks and techniques.

Editors' choice
Top Rated
Written by Ivan Belcic
Published on November 4, 2020

Can a router be hacked?

If your computer gets hacked, the dangers are clear: a hacker can help themselves to all of your sensitive personal files, and even delete them if they choose. And once a hacker has access to your computer or phone, they can install malware on it to spy on your internet activity, hold your files hostage with ransomware, or cause additional damage.

Sadly, routers are vulnerable to hacking as well.

Hamburguer menu icon

This Article Contains :

    What’s the danger of router hacking?

    The danger of a router hack is that it can initiate a whole new set of threats, from the seemingly benign to the much more serious. With that level of access, someone who’s hacked your router can:

    • Hog your bandwidth: This one’s more annoying than harmful, but still — if you’ve got someone piggybacking on your Wi-Fi and using it to stream games and movies (or even to mine cryptocurrency), you’ll have a lot less bandwidth left for your own activities.

    • Spy on your internet traffic: Someone who’s tapped into your Wi-Fi network can spy on all the traffic on your network, from any device that’s connected to it. That includes your computer, your phone, your family’s computers and phones, your video game console, your smart home devices, and more. Hackers can also use a packet sniffer to monitor your internet traffic in real time and capture the data flowing in and out.

    • Access illegal content: You might maintain a squeaky-clean internet history, but that doesn’t mean your Wi-Fi hacker does. They can use your internet connection to view or upload illegal media, stream or download pirated content, go shopping on the dark web, and do plenty of other unsavory things, all under your name.

    • Collect your personal data: A router hacker can hoover up anything you enter into a website with an unencrypted connection — meaning a website that uses only HTTP. And that goes for anyone connected to your hacked Wi-Fi. Never enter sensitive data, such as a password, into a website without HTTPS encryption.

    • Install malware on it: Yep, there’s router malware. A hacker with access to your router can initiate a router firmware hack, loading your router up with malware that sets the stage for additional attacks and spying in the future.

    • Map your Wi-Fi network: Someone tapped into your router can see all the devices on your network and use that information to help plan additional attacks. Router attacks on smart homes and other internet-of-things devices can be especially dangerous, as many people don’t give as much attention to their IoT security as they do to protecting their computer and phone.

    • Attack other people: Cybercriminals can hack your router and use it as part of a massive DDOS attack.

    • Change your DNS settings: A common goal of a Wi-Fi router hack is to access your router’s DNS settings, which determine where it sends your internet traffic. A hacker can change your router’s DNS settings so that your internet traffic gets rerouted to websites of their choice — usually pharming websites that trick you into giving over personal information or malicious websites that download malware onto your devices.

    If your router gets hacked, lots of new threats to your devices and Wi-Fi network emerge.Various security threats emerge if your router gets hacked.

    Now that we know what Wi-Fi hackers can do after a router hack, let’s look at what you can do to stop it.

    How to protect Wi-Fi from hackers

    By taking just a few simple precautions with your Wi-Fi router, you can make it a lot more difficult to hack. As is the case with many things in life, preventing Wi-Fi hacking is cheaper and easier than dealing with a hacked router. Once that happens, your problem will become considerably more difficult, though not impossible, to solve.

    Here’s how to block Wi-Fi hackers with smart router security:

    Change your router’s admin credentials

    All routers have a username and password that’s used to access your router’s settings. Whenever you get a router, whether it’s new or used, immediately change the username and password.

    What the experts say

    “Take a few minutes now to update your routers, set up a strong password, disable the administration interface from the public side, and help others who are not that technically savvy.”

    Martin Hron, Senior Malware Researcher

    Avast Threat Labs

    Wi-Fi hackers know the manufacturer’s default admin credentials for almost all the popular routers on the market. If someone can reach your Wi-Fi network, they can try logging into your router with that info. If you’ve never updated the login credentials after getting your router, you’re setting yourself up as an easy mark for a router password hack. And if you bought a router from someone else, you can’t be sure who has that old login info. Either way, change it up ASAP.

    Set a new router password using strong password creation practices — or create a truly uncrackable password with random strings of characters — to block Wi-Fi hackers from easily breaking into your router.

    Enable WPA2 (or WPA3) encryption

    WPA2 and WPA3 — the second and third versions of the Wi-Fi Protected Access security protocol — safeguard your router against unwanted access with AES encryption. That’s the same type of encryption we at Avast use for our super-secure Avast SecureLine VPN, so you know it’s good. Any router worth buying will be WPA2-enabled, and some newer models may feature WPA3.

    Enable WPA2 or WPA3 encryption so that anyone who wants to connect to your protected router will need your Wi-Fi password. And be sure to set a strong password by following smart password creation habits. These simple steps will give any would-be Wi-Fi hacker a serious challenge.

    Change your router’s network name (SSID)

    While you’re configuring your router — changing your admin credentials and setting a strong password — change the SSID as well. SSID stands for service set identifier, which, in everyday terms, is the name of your Wi-Fi network.

    New routers often display the brand of the router in the SSID, and Wi-Fi hackers can use that information to help them crack your password. Set a custom network name instead so that they won’t know which type of router you have. The more clues you give a hacker, the easier their job will be.

    Get creative with your Wi-Fi network name: make it long and complex. WPA encryption uses the SSID as part of the algorithm, so by avoiding default or common network names, you’ll make your network more resistant to password cracking methods like rainbow tables. Besides, it’s fun to give your neighbors something to chuckle about.

    Disable WPS

    Along with WPA2 or WPA3, many routers also have WPS (Wi-Fi protected setup) — meaning you can push a button or enter a PIN to connect, as opposed to using the password. While it’s clearly more convenient, the level of security plummets when using buttons or PINs instead of passwords.

    Anyone who can physically touch your router will be able to push the WPS button and connect. And a short PIN is far easier to crack with a brute-force attack than a lengthy and complex password.

    Unfortunately, not all routers support deactivating WPS features, but if yours does, turn WPS off ASAP and set a password.

    Deactivate wireless/remote administration

    Remote administration lets you log in to your router’s admin settings from anywhere in the world. But unless you’re a developer, chances are slim that you’ll ever need to do this. If you deactivate this feature, you’ll only be able to access your settings when your computer is physically connected to your router with an Ethernet cable. Deactivating remote administration is a convenient way to keep hackers out.

    Update your router’s firmware

    Firmware is the name for software that governs a specific piece of hardware — in this case, your router. Like your computer’s operating system or any of the programs and apps you use, firmware can be updated.

    Firmware updates can protect your router against any vulnerabilities that might be discovered in older versions of your firmware. Some routers will be able to check for firmware updates, but you can always log in to your router’s admin settings, find the firmware section, and take a look for yourself.

    Use a cybersecurity tool that protects your Wi-Fi network

    One of the easiest and safest ways to safeguard your Wi-Fi network is to use a Wi-Fi monitoring tool that will automatically keep an eye on your wireless network for you, saving you the hassle of manually monitoring it yourself.

    Avast's free antivirus software features a built-in Wi-Fi Inspector that constantly scans your network for any suspicious activity or devices, so you’ll know exactly what’s happening on your Wi-Fi at all times. Protect your Wi-Fi network, get rid of any devices that don’t belong there, and take comfort in knowing that if any Wi-Fi hackers are sitting on your network, you’ll be the first to know.

    Fight back against hackers

    Hackers have a wide range of tools they can use to crack your passwords and gain access to your devices. They can install malware that lets them steal passwords, redirect your internet traffic, or even take over your computer. Or they can trick you into visiting infected websites that spread viruses, download malware onto your device, or capture your data.

    Hackers can even purchase your passwords after they’re exposed in a data breach. But you can protect yourself against all these tricks and more with Avast One, featuring a built-in behavior shield.

    Avast One is an all-in-one security and privacy tool that fights hacking on multiple fronts: defending against viruses and other malware, blocking malicious websites, and helping you secure your data after a breach. Download it free today.

    Has my router been hacked?

    Hopefully you’ve already been following the advice above, and your Wi-Fi router is and will remain hack-free. But if you’re feeling suspicious or unsettled about the threat of Wi-Fi router hacking, here are some router hacking signs to look out for.

    • Your internet is suddenly much slower. This can be due to any number of reasons, so if you don’t see any of the other symptoms on this list, you don’t necessarily need to worry. But laggy internet can be caused by a Wi-Fi hacker gobbling up all your bandwidth.

    • There are unknown devices on your router. If you’re using a Wi-Fi network security tool like Avast Free Antivirus, you’ll find out automatically if and when a strange device connects to your network. If not, you’ll need to log in to your router and review the list of IP addresses on your network. Cross-check that list against the IP addresses of your own devices — here’s how to find your IP address — to see if there’s anything there that doesn’t belong.

    • Your DNS settings have been changed. Your router likely connects to a DNS server provided by your ISP (internet service provider), but a hacker can change your router’s DNS settings so that it uses a malicious server instead. That can cause your web traffic to get redirected to dangerous websites that can steal your personal details or download malware to your device. You can check your router’s DNS settings within your router’s admin menu.

    • Your router password or admin credentials have been changed.A hacker who isn’t trying to remain hidden might change your router’s password, preventing you from connecting and using the internet services that you’re paying for. They may also lock you out from your router’s backend by changing your admin credentials.

    • There’s unfamiliar software (or malware) on your devices.This is a big red flag. A hacker with access to your router can infect your devices with all kinds of malware, including ransomware.

    If you’re experiencing one or more of these issues, read on to learn how to stop hackers from using your Wi-Fi so you can regain control over your router.

    How to fix a hacked router

    If you’re dealing with a router hack, the good news is that you’ll likely be able to regain control. By following the simple procedure below, you should be able to expel any router invaders and make sure they stay out in the future.

    Another bit of good news: In the event that your router is infected with malware, this procedure may be able to remove the router malware as well.

    1. Disconnect your router

    You’ll want to isolate your router while clearing up a router hack. The first step is to unplug all your internet cables from your router. That has the immediate effect of severing the connection between the hacker and any of the devices on your home Wi-Fi network. If any devices are physically connected to your router, unplug those as well.

    2. Reset your router

    Next, reset your router to its factory default settings. Note that this is not the same as when you turn your router off and then back on again to try and fix a sluggish internet connection.

    A factory reset wipes your router, including all of the network settings you configured. If a hacker has your admin password, they won’t be able to use it anymore after a reset. Rebooting your router can also remove some types of router malware, including the notorious VPNFilter.

    Most routers have a dedicated factory reset button. You may need a paperclip to press it. If you can’t figure out how to factory reset your router, consult your user manual or the manufacturer’s website.

    3. Log in to your router and change your admin credentials

    Now that you’ve returned your router to its factory default settings, you can log in with its default username and password. You’ll find that information on the router itself, in your user manual, or on the manufacturer’s website.

    After you’ve logged in, change the admin password to one of your own choosing. That will prevent the hacker from logging back in.

    4. Set a new Wi-Fi network SSID and password

    Give your wireless network a shiny new name, and remember that longer and more complex names make your network harder to crack. The same goes for your password — aim for at least 15 characters and use a combination of letters, numbers, and symbols (or use this tool to create impenetrable, random passwords).

    5. Set up a guest network (optional)

    While you’re still fiddling with your router settings, consider setting up a guest Wi-Fi network on your router. This is an additional network that allows devices on it to access the internet, but keeps them out of your primary network. That way, your friend’s malware-infected phone won’t be able to compromise your pristine new computer.

    If you have a lot of smart devices, you can funnel them through your guest network as well. IoT devices don’t typically have stellar security, so isolating them on a separate network is a good idea.

    6. Update your router firmware

    Most routers won’t update their firmware automatically, so you’ll need to handle it yourself while you're logged in. Find the firmware settings in your router’s admin menu and update to the most current version. Any hacking exploits that targeted your old firmware should be rendered ineffective against the new update.

    Protect your network with dependable cybersecurity

    Use a trusted antivirus tool like Avast One to scan your computer for malware that a hacker might have slipped into your device. Avast One is a completely free and comprehensive cybersecurity solution that, will scour your computer thoroughly to detect and remove any traces of viruses or other malware, no matter how hidden it may be.

    At the same time, it keeps you safe against future hacking attempts. Detect and block malware before it infects your devices, and avoid the malicious websites hackers use to install malware and harvest your data. You’ll even get built-in VPN access to encrypt your entire internet connection. If you’ve reset your router and chosen hard-to-crack passwords, you should be in the clear.

    Keep all your devices threat-free with Avast One, from the cybersecurity provider trusted by millions of people in millions of homes around the world.

    Protect your Wi-Fi and your phone against router hacking with Avast One

    Free install

    Protect your iPhone against router hacking with Avast One

    Free install
    Ivan Belcic