If you have a home network or wireless router, it can add a layer of security to your computer. But if you haven’t changed the default password on your home router, that can be worse than doing nothing. Hackers have recently developed some new tricks to automatically attack your computer’s router just because you were at an infected site. It might not even be the primary site you were visiting – it could be the site hosting one of the ads on the page.

In this attack, hackers use small bits of code that automatically try to log in to the router using the default password. The default password is the one that came on the router when you got it from the manufacturer. It’s usually something like “admin”, “password”, “1234” or sometimes blank. Default passwords are printed in the user manual (which is also available online). An online search for “default password list” turned up over 60,000 sites sharing this information, most of them hacker sites.

In a variation, some local hackers will try the same default password against your wireless router as they drive through your neighborhood.

Once the bit of code has successfully logged into the router, it opens a port. The hacker will later come back to your computer and attack it through that port. One common attack is to send false directions to the computer so that when you attempt to log in to your bank’s website, the compromised router instead sends your request to a fraudulent site designed to look and feel like your bank’s website. Read this CSOonline article for more.

If you haven’t changed the default password, do it today! Follow the router manufacturer’s instructions to change the password. Make sure you pick a strong password when you change it.

Leave a Reply