Jonathan Weiss/Shutterstock
If you’re still using an older Wi-Fi router in your home, the FBI has a warning for you: You’re putting yourself at risk for a cyber attack. That said, you can breathe a sigh of relief if you’ve updated your router any time in the last decade. This specific alert only applies to devices made in the late 2000s and early 2010s. (In other words, end-of-life devices that no longer get support by their manufacturers.)
When a router goes end-of-life, it can’t receive software updates or security patches anymore. Once that happens, they become quite the attractive target for cybercriminals because of how easily hijack-able they become. In a public advisory, the FBI said threat actors are exploiting known security flaws in outdated routers to install malware, gain root access, and quietly fold the devices into botnets. Those botnets are networks of compromised machines used to launch coordinated attacks or sell proxy access to other criminals.
The FBI named a dozen legacy models as especially vulnerable. They’re all from Linksys, a middle-of-the-pack wireless router brand, and the list includes the E1200 (2011), the E2500 (2011), the E4200 (2011), the WRT320N (2009), and the M10 (2010).
How these router attacks actually work
Pixel-Shot/Shutterstock
Many of the affected models come with remote administration software that allows them to be configured over the internet. (Not unlike hackable smart home devices.) According to the FBI, attackers scan the internet for these end-of-life routers because their remote management features are now exposed. Cyber criminals exploit these known flaws in the software and use it to upload malware directly onto the outdated devices.
Once installed, the malware gives attackers open access to the router. The infected router then communicates with a command-and-control server, sometimes as frequently as every 60 seconds, to confirm it remains active and available for exploitation. The malware can also open network ports, effectively converting your home router into a proxy server that others can rent or use to conceal their own online activity.
The reason the FBI is so concerned comes from the fact that router-based attacks are really difficult to detect. Traditional antivirus tools don’t scan networking hardware, and because the malicious files live within the router’s operating system and not on a person’s computer, they’ll go completely undetected. If one of yours is on the list above (or, as a rule of thumb, if yours no longer gets software updates or security patches), you should seriously consider replacing it with a newer, more secure model.
