With home internet becoming a huge part of our daily lives, how do we know if a hacker could see all of our online activity? Can we tell by looking at the blinking lights in the front of the router?
Not anymore, sorry.
Internet access has become a critical utility for most in the U.S. Without internet, you might lose connection to friends and family, your work, or even important online information.
Safeguarding your internet access is critical, and you can start by securing your internet router. We’ll help you determine whether a hacker has gained control of your Wi-Fi network or router and what you can do about it.
How to fix a hacked router
How to prevent your router from getting hacked
Router security FAQs
6 signs your router was hacked
How do you know if a device is supposed to be connected or if your router was hacked?
These are several immediate indications that you should look for, including:
- Emails, videos, and music playing slower than normal
- Passwords not working
- Applications not performing as expected
- All your web searches on Google come back with the same response
- Your device keeps asking for your username and password
- Your background pictures on your display screen disappear
- Your phone camera activates and begins to record you while you on the device
Yes, in some cases, the problem resides with your internet service provider (ISP) — you might call your neighbor to confirm if they have the same problem. If not, your router may have been compromised.
1. You can’t log into your router
Once you set up our home internet router, you rarely log back in. Once you decide to log in to check out why internet speeds have slowed to a crawl, you discover your administration passwords aren’t working.
Why can't you get in? Did you change the default username and password while setting up the machine?
If not, the hacker could have compromised the device after their scanning tools found the default passwords still enabled on your device.
2. You see unfamiliar software and apps on your device
It’s not uncommon for people to lose track of all the apps and software loaded on their devices.
If a cybercriminal has hijacked a home internet router, they have the means to connect to your device by redirecting you to a rogue website. This is called an HTTP redirect and is a common tactic hackers use. Imagine typing in Google search on your device and somehow you end up on a website in South Africa. If this happens to you, a hacker could be controlling your internet router.
3. You see unfamiliar devices on your network
Once you’ve logged into your internet router, the first tab you typically see is the network map on many Cisco Linksys devices. After reviewing the network map, many are shocked at the number of connected devices.
Are these devices all mine? Seeing is believing. Could you imagine having all these devices share the same wireless network? No wonder your connection is slow.
Most everyday devices on the network will have a name associated with them: “Annie’s laptop,” “Kevin’s super fast Mac,” etc. If you notice a device you don’t recognize, click on its icon in the network map and set up parental controls to block the internet.
If someone comes screaming, you know that device should be on the network.
We recommend you download a free copy of SolarWinds home monitoring solution. This tool shows all devices connected to your Wi-Fi network. Similar to the network map on the router, check it each month to look for rogue devices.
4. You receive ransomware or fake security messages
Are home computers also a target for ransomware? Absolutely. Could a ransomware attack also originate from a hacker that controls your internet router? Yes. During COVID-19, when many people began to work from home, several home networks also fell victim to ransomware attacks.
If you’re startled by a pop-up message on your network with someone demanding $10 million in Bitcoin or they will delete your files, this is a ransomware attack. Ransomware could have infected your device when you received an email that was too good to be true and clicked on something you shouldn't have. It happens.
What to do during a ransomware attack?
- Don’t panic. In many cases, the message is a fraud and your personal data is not encrypted.
- Disconnect your router for one hour to let all connections drop from your device.
- After an hour, hook your router back up to the internet. Then check the device you received the ransomware notification on to confirm whether you have antivirus or anti-malware enabled.
- If you do have antivirus or anti-malware software installed, reconnect the device to the internet. Go to your antivirus or anti-malware software, such as Bitdefender or Symantec, and click on the update button. Make sure your software also runs a full scan.
- The malware on the device should be removed.
Now, if this was an actual ransomware attack and your files are encrypted, you could restore your data from a backup from a day prior to the attack. If you have no backup, work with your local IT shop to help format your disk and reload your operating system.
5. Your web browsers all go to the same website
How did you end up on a foreign lottery website when you tried to watch a YouTube video?
Did your home page or web request get redirected to a website you didn't expect? Chances are your browser is being controlled by a hacker who could be next door or halfway around the world. This is called browser hijacking or DNS hijacking.
If you end up on an unexpected website often, try to use a different browser to see if you get redirected again.
If it keeps happening even with a different browser, try to send yourself an email and see whether your emails are working. If you did receive an email from your side, that’s a good thing.
You can also try to connect your online banking application and see whether your connection goes through. Make sure the URL is the actual link to the banking website. The hacker could change your URL request from https://www.bankofamerica.com to something like http://www.baknofAmerzica.com.
If you still get redirected to that foreign lottery site or another unwanted web page, please don’t click on anything. (Promise?)
Chances are, there’s embedded malware on the site. Click on your browser settings, go to the History tab, and restore the settings to default.
6. Someone else is controlling your device
Hackers that take over home internet devices also have the means to insert malicious code into your devices, including your phones, Internet of Things-enabled (IoT) light switches, and your Xbox.
They can inject malicious software through your web connections, including rootkits, malware, and other exploits, to gain access and control your device.
If the hacker has control of your device, you may experience something like your device camera turning on by itself. Some hackers prefer to sit dormant for months, whereas others want to use your device to launch attacks against others right away.
How to fix a hacked router
Taking control of your home internet router is necessary to protect your family's privacy, data, and access to the web. Nowadays, secure internet access is pretty much critical for everyone in the household.
Whether you have a student downloading their homework, parents working from home, or need to access your home security systems while you’re away, you should stay in control of your home internet router.
If you’ve lost complete access to your home internet device, it’s highly recommended that you disconnect the router by unplugging it from the wall. Leave the device off for one minute to ensure current cached connections have dropped.
1. Factory reset your router
Once your router is reconnected to the power source, reset the machine back to the factory default.
This should ensure any previously compromised passwords for remote access to the device will be erased.
Next, you’ll connect to your router by using the default admin settings. These settings include the default IP address (such as 192.168.1.1) and a password provided by the manufacturer.
During setup, we recommend changing the router admin username and password to something only you will remember. You can refer to our step-by-step instructions about creating a strong password for help.
If you need help remembering passwords, you could use a password manager. (Please don't add another sticky note to the back of the device, thank you.)
Suppose you forget to update your router settings, no worry. Under the connectivity tab, you can change your router password. Please note, this password is for accessing the management console, not for internet connectivity. So ensure this password is different from your Wi-Fi password (sometimes called a WPA2 password).
2. Update your Wi-Fi network name and passwords
Once you’ve rebooted your device, it’s critical to change all detailed administration account information.
Cisco Linksys routers typically come with a Wi-Fi network name “Netgear.” It’s important to change the name of your device to something that hackers won't recognize and not Netgear, Linksys, or Cisco. Otherwise, you could leave your network open to a brute-force attack.
Log in to your device and go to the Wi-Fi settings tab. Here, you can change the network SSID name to something other than the default. Make sure you label your guest network differently than your family network.
Once you’ve set the SSID name to something other than the default, the next step is to change the password. We recommend setting up different passwords for your home network and your guest network. You'll want to make sure the password for both networks is completely different from your router administration login credentials.
3. Update your router firmware
All technology devices run on firmware, no matter how small or large. From time to time, devices have code issues. Manufacturers fix these issues through firmware updates.
After setting up your router security, including an updated password and SSID, we recommend you update the device’s firmware in case the manufacturer added additional security capabilities that will benefit you.
How to prevent your router from getting hacked
Internet access in the home is an important utility to maintain. These are several steps you can take to help prevent your device from being taken over by hackers.
Use a robust and complex password
Passwords should be complex. For example, your home password could be specific to your family, such as a favorite vacation spot. You could also add your child’s birth year on the front of the password: 1976Portugal. Lastly, we highly recommend adding special characters, including %$!.
Now, your home internet Wi-Fi access password could be 1976Portugal!.
More example passwords:
- For family Wi-Fi access:1976Portugal!
- For guest Wi-Fi access: %Pizza2020
- For router admin access: [email protected]@
Notice that all three have different password characteristics. We recommend you choose separate passwords per connection type in case one is compromised. If that happens, the other networks will be safe.
Reboot your router regularly
By rebooting the router, you kick everyone off the device, including family members playing video games, your spouse chatting for hours with friends, and your brother-in-law watching ESPN 24 hours a day on his phone.
Rebooting also kicks off any unwanted connections, including your cheap neighbor who borrows your internet connection to host their podcast. Recommend to leave the device off for one minute to clear all cached connections.
Turn on automatic software updates
To keep your router current with the latest firmware, we recommend you set it to receive automatic updates from the router manufacturers.
For example, your Cisco Linksys device could receive firmware updates at any time. The automated firmware update is typically non-intrusive to the device and the active connections.
If you’re unsure if your device has the most updated firmware, log in and compare your device's version number with the latest firmware version shown on your router’s support website.
Turn off remote access
Having remote access to a home router is only opening a door for a hacker to take over the device.
All internet routers are set up to allow access within your home to surf the internet. The router translates your computer address to a public address. This translation only works when you are connected from inside your network to external websites such as ESPN and Netflix.
Blocking external connections coming from everywhere on the internet — including outside your home — is your router’s job. Disable all controls that allow for external connections into your private home network.
All configuration changes performed on the router should be done on the device management interface and only while it’s accessible from within your private internet network.
No remote administration of your home router should be enabled.
Shut off OpenVPN access
Another critical step in blocking remote access is to disable OpenVPN access. Only someone on your local area network should access the administration console by disabling this feature.
There is an exception to this rule: If you need to gain remote access from an external location back into your home network, then you can enable the OpenVPN server to accomplish this task.
To use the VPN feature, you should enable the OpenVPN server on your router and install and run VPN client software on the remote device.
Disable WPS on your router
Wi-Fi Protected Setup (WPS) is a known feature on Wi-Fi routers to make the initial setup and access easier. However, But WPS is also risky to leave open for hackers to connect.
Many routers have a button on the back of the device which makes it easy to disable.
Don’t use the default Wi-Fi SSID
You’d be surprised how many people set up their home internet router and simply click through the configuration, accepting all default settings. Then, once their router connects to the internet, the SSID is in plain sight, which makes it easy for someone to look up the default password. Your neighbor will thank you for the excellent high-speed internet access.
If you want to see how many open SSIDs exist in your neighborhood, simply open your Wi-Fi settings.
Plus, notice how many of these Wi-Fi networks have no lock icon, which means they have open access with no passwords. This is why we recommend you change your SSID to something other than the default and update your password too.
Rename all default administration accounts
Many home internet routers come with a default name. Many people skip through their setup and forget to change their username and password.
Before the device goes active, we recommend changing the administration name and password to something unique that only you can remember. (And don’t use the same username and password for your Wi-Fi login.)
Use security software
Although enabling the proper security controls for your home internet router, protecting your family and their devices doesn’t stop there. Loading antivirus and anti-malware software on all home devices is an excellent next step.
Even with secured home internet routers, malware, phishing emails, and ransomware could make it through the device. Having layers of security helps minimize the chances malware could spread from one home device to another. Also, encourage your fellow housemates to also use strong passwords on their devices and know how to spot phishing scams.
Enable your router's firewall
Most routers come with a firewall already built in. All you need to do is make sure it's enabled in your router admin settings.
But keep in mind that a router firewall can't protect you against all vulnerabilities like phishing scams or social engineering attacks. So it's a good idea to avoid clicking suspicious links or giving out your Wi-Fi login info to someone you don't know.
Router security FAQs
Does resetting your router get rid of hackers?
The resetting of your router will disconnect everyone from the device, including home users and hackers. Leaving the device off for one minute will remove all cached connections. However, this doesn’t get rid of the hacker.
Remember, the hacker can use the same method they previously used to attack your device, including accessing your router through default administration accounts, remote access, and other security flaws.
After you reset your router, go into the admin console and update all security settings to help stop the hacker from re-hijacking your device, including changing the administration password.
Should I use the guest network function?
We recommend that, during your home internet device setup, you establish two completely separate networks for guests and family.
Having friends and family over for dinner is always a wonderful and festive event. And, of course, they all want to jump on your internet and surf. However, you probably have no idea where their device has been. And, chances are, they probably don’t have the same layers of security you do. This is the value of having that guest network separate from the home users.
For home users, we recommend that you use the following networks if available on your device:
- Home network: 5 GHz
- Guest network: 2.4 GHz
Dual-band routers provide two independent and dedicated networks, 2.4 GHz and 5 GHz, which allows for flexibility and bandwidth management. If your device only supports 2.4 GHz, you can still safely use the guest network as long as it uses a different password than your home Wi-Fi network.
If you don’t have a dual-band router, there are plenty of budget-friendly options on Amazon.
What happens if your Wi-Fi is hacked?
If your Wi-Fi is hacked, you may not know for some time unless the hacker redirects your connections or your favorite music begins to sound choppy. Logging into your router and checking your network map will help you see whether you have rogue devices on your network using up your bandwidth.
How do you know if your home internet device has been hacked? Slow applications, music, and video are the first signs of trouble.
An abundance of unauthorized devices showing up on your network map is another clear sign of your device being hacked. If your gaming consoles begin to reboot often, that could also mean a hacker is performing suspicious activities, including installing rootkits and Trojan horses.
If you think your router is hacked, we recommend the following steps:
- Log in to your router and check the network map and bandwidth. Look for any rogue devices.
- If you can’t log in to the admin console, power down your router and leave it off for one minute.
- Power up the device and reset it to factory default.
- Reconfigure the router from scratch. Remove all default settings, admin accounts, passwords, and SSIDs.
- Create unique passwords for the administration, home Wi-Fi network, and guest networks.
- Ensure all home devices have antivirus and anti-malware software loaded.
- Disable OpenVPN to block outside access to the device.
Keeping your family safe from hackers is extremely important. With the rise of internet extortions, social engineering, and ransomware, enabling the security controls on your router is a powerful deterrent to stop hackers from controlling your device.