Everyone is trying to keep internet-connected devices secure. But we often forget that modems, too, are internet-connected devices. And as opposed to your computer, tablet, or smartphone, which can be easily disconnected if infected, your modem is your internet. You can’t have one without the other. So, is your modem immune? Can a modem get a virus?
A modem can get a virus because it connects to the internet, it filters all the information you’re accessing, and it doesn’t feature advanced security layers by default. Viruses target modems to use them as infection vectors for other devices or collect information passing through it.
Viruses and malware may even aim to block your network traffic, steal it, or make the modem inoperable. Once the modem is compromised, the entire network is at risk.
If you’re curious to learn more about it, buckle up, and let’s get started.
Can a modem be hacked?
A modem is hardware that connects a device to the internet. The security software from your device – PC, smartphone, etc. – does not influence the modem.
When you take no specific security measures for the modem, it can be hacked and infected without difficulty since:
- Users don’t care that much about modem security options;
- Manufacturers often ignore critical vulnerabilities, making the hackers’ lives easier;
- And hackers keep trying to hack modems since this would give them access to an entire network, so it’s a pretty lucrative business to them.
Do you remember the configuration settings of a modem or router? All models come with specific security settings. One must manually address each setting to get the best protection and reduce the modem’s odds of being hacked. Yet only a few do it.
Meanwhile, hackers want to tamper with your modem for various reasons. From freeloading off your Wi-Fi connection to infiltrating into your network and redirecting your requests to compromised servers, the wrongdoers will always take advantage of unsecured modems.
An attacker can exploit your modem’s vulnerabilities to:
- Disable ISP firmware upgrades;
- Silently flash or upgrade modem firmware;
- Change the default DNS server;
- Orchestrate man-in-the-middle attacks;
- Change serial numbers or all of the associated MAC addresses!
Obviously, knowing that a modem can get a virus and what an attacker can do in the process is valuable information. It could help you notice much easier if your modem was hacked and guide you to enhance security where it’s most needed!
How to know if your modem was hacked
I’ve talked about how computer viruses spread through Wi-Fi here, and everything in that article applies to your home network too.
Once your modem hosts viruses or malware, the telltales depend on the nature of those viruses.
If the attacker wants to lurk from the shadow, the signs will be more subtle:
- Your device is running slower than it used to;
- Some programs randomly crash, and you can’t seem to tell why;
- Occasionally, you’ll bump into new software that you don’t recall having installed.
If, on the contrary, the attacker wants to make it clear that he has taken over your network, you might notice that:
- Your web browser displays new toolbars that you don’t recognize;
- You’re being redirected to strange websites when typing normal internet searches;
- Old passwords of various online accounts don’t seem to work anymore;
- Fake antivirus messages pop up on your screen frequently;
- Money is missing from your online bank account (!!);
- Ransom request messages pop up on your screen.
All common signs of computer virus infections may be noticed with modem virus infections. Yet, the clues you’re getting when trying to use a web browser are the most important ones. That’s because most modem attacks result in DNS hijacking.
DNS hijacking implies that when you type an address into the URL bar, your browser will redirect you to a different website than it should. Basically, the DNS queries are resolved incorrectly, redirecting you to a malicious website.
F-Secure has this free tool that helps you check if your modem or router has been hijacked, almost instantly.
Are you saying that none of these has currently shown up your alley? Good for you! But it is still worth checking if your modem is one of the most vulnerable ones…
Yes, the emphasis is on “most” because it turns out that all modems and routers are more or less vulnerable to cyberattacks. Still, some of them deserve a medal for their notorious vulnerabilities.
Which modems are the most vulnerable?
A recent study involving 127 routers – consumer-grade models from large vendors – showed that ALL of them had various security flaws. On average, 53 vulnerabilities rated as critical were found on every model.
Imagine that the “most secure” tested model had ONLY 21 critical-rated vulnerabilities.
Most modem manufacturers do a lousy job of updating firmware and patching known vulnerabilities. This means that even when they are well-aware of a particular vulnerability, they hardly do something about it.
In the above-mentioned study, the average period between updates was 378 days, with nearly 50 of the tested models receiving zero security updates within the past year.
The researchers made it clear that different vendors cover different aspects better than others, but they all have their flaws.
AVM modems and routers seem to be slightly above the average when it comes to all security aspects.
However, for the rest of the models, ASUS and Netgear may be better than Linksys, D-Link, Zyxel, or TP-Link, but only in some aspects.
Notably, the most vulnerable modems were running an outdated Linux version, the 2.6.36 kernel last updated in… 2011!
Want more specific examples?
An IOActive study revealed vulnerabilities in over 100,000 routers from Linksys spread on 20 different EA and WRT series models.
Netgear got under the spotlight no later than this year for the severe vulnerabilities found in 79 of its router models released in the past 13 years. 758 different firmware versions contain a significant vulnerability, affecting models like AC1450, D6300, DGN2200M, EX3920, EX7000, WN3100RP, XR300, and many, many others!
On a different and possibly just as a scary note, there’s the Cable Haunt bug!
Online security publications have been buzzing about it at the beginning of the year. It has to do with the cable modems that use Broadcom chips, which means we’re talking about at least 200 million cable modems.
Briefly, the chips have a spectrum analyzer component that exposes them to remote attacks. This component is designed to help internet service providers evaluate and troubleshoot the modem cable connection.
The modem attack originates during web browsing. Say you’re getting a phishing email, which leads you to a web page with malicious JavaScript, then the hackers can affect the buffer overflow and access your modem. From there, all the bad things I already mentioned are possible.
Can you prevent your modem from being hacked?
Modem security primarily depends on proper authentication and reliable encryption. The modem settings will guide you on tweaking options to prevent it from being hacked, provided you pay attention to it.
In a nutshell, here’s what you should consider:
- Set up a secure user name and password – most modems either have none of these by default or have well-known or easy-to-guess credentials. You want your modem to have a user name and a password as reliable as your bank account! Because whoever will sign in to your modem as an admin will be in full control of your home network.
- Set up a secure SSID – the name of your home Wi-Fi is, by default, the name of the manufacturer. Hackers routinely scan networks in search of common brand names, as they already know the passwords those manufacturers commonly use. You want your SSID to leave them utterly clueless on what modem model you have.
- Keep your modem up-to-date – the modem has firmware that requires frequent updates that typically encompass security patches. Hackers are aware of the security flaws of older firmware versions and will exploit them when they find out that you’re running an out-of-date firmware version.
- Never allow remote administration on your modem – within the modem’s advanced settings, you have this option about remote administration. If you disable it, you’ll make things significantly harder for an attacker. Keep it off to protect your network against outside attacks.
- Check your modem encryption settings – you’ll find these within the Advanced Security Settings window, and you want it to be WPA2. It’s the strongest of all the three options available in there, as opposed to WEP. A proper Wi-Fi protected access password, the WPA2 type, will make a world of difference to your modem and Wi-Fi security.
Going through all the available settings is the best way to hack-proof your modem. Just so you know, though, this isn’t a one and done thing. The landscape is continually shifting, and you should do your best to stay up to date with security news and learning what hackers are up to.
Stick around for more valuable information!