Hack Lets Intruders Sneak Into Home Routers

Security researchers at Indiana University and Symantec have discovered a hack that allows an attacker to enter common home routers if someone visits a properly designed Web page and the router’s default password hasn’t been changed. The attacker can then wreak further havoc such as denial of service, malware infection, or identity theft among other things. The story is here – the Indiana University paper is here.

To protect yourself from this threat, log in to your router and change the default password. Do this by clicking Start > Run, and then type “cmd” (without the quotes) in the Open box and click OK. When the command prompt window opens, type “ipconfig /all” (without the quotes) and press the Enter key. From the text that follows, look for the line that starts with Default Gateway. There will be a number to the right that will look something like 192.168.xxx.xxx. Open an Internet Explorer window and type “http://192.168.xxx.xxx in the address window – in other words, type the number that the ipconfig /all command gave you as the Default Gateway after the http://. Then press Enter.

In the login dialog that appears, enter the default username and password – you can find this in the manual is on the CD that came with the router or as a download from the router manufacturer’s website. For most routers, the default username is admin and the default password is either blank (no password), password, or admin – if you have trouble, consult the router’s documentation. Then click around the various screens until you find the one where you can change the password. If you have trouble – again, look at the documentation.

Once you’ve changed the password, log out of the router and then back in with your new password to make sure that the change took effect. Log out again – and you’re done! Write the new password down and put it in your computer file (not on your computer – in a paper folder) so that you can retrieve it a year or two later when a technician or you need it.