A recent article in the German computer security magazine c’t has exposed infections on wireless routers running a custom router software called DD-WRT. What does this mean for your office network? If your office wireless router is running DD-WRT and has not been updated since 2009 your entire office network and everyone who connects to your wifi can be at risk of having their private data stolen. Lets look deeper into the problem:
What are the risks?
If your router is infected, every person who connects to your wifi can have their usernames, passwords, bank login information, credit card information, or any information they type in and send over the internet stolen. The virus writers then receive this information and either use it to steal corporate data, commit credit card fraud, or sell the information on the black market.
What is DD-WRT?
Most wireless router manufacturers lock away features of your router and sell them at a lower price point. They then take the same hardware and repackage it at a higher price, only unlocking those features. DD-WRT is a custom open source software that runs on your office wireless routers in place of the limited software that came with your router. It then unlocks all of the features and options that were originally unavailable to you, unleashing the true potential of your wireless router.
How do I know if I have DD-WRT?
DD-WRT can be shipped with the wireless router, or it can be installed manually. The quickest way to check if you have DD-WRT installed on your office wireless devices is to ask your office IT person. If they aren’t easily accessible, you can attempt to check yourself using the following steps on a Windows XP/Vista/7 and above computer:
1. Run IP Config and get your Default Gateway.
On Windows XP/Vista, click on Start then Run and type “cmd” without the quotes and press Enter.
On Windows 7, go to Start and type in “cmd” without the quotes into the Search Programs and Files box and press enter.
Follow these steps to open “cmd” on a Window 8 computer.
2. In the cmd window, type “ipconfig” without the quotes and press enter.
You should see something similar to the above screen. Make note of the Default Gateway value.
3. Check for DD-WRT and the version it is running.
Open your favorite web browser, and enter only the Default Gateway numbers into the address bar and press enter.
If you see the above screen load, you have a wireless router with DD-WRT installed. Now check the date DD-WRT at the top right corner. If it is dated 2009 or earlier, you are vulnerable.
If you are still not sure, contact your office IT person to confirm.
What do I do if my wifi is vulnerable?
Since DD-WRT is supported by a volunteer community, testing can be limited, allowing bugs to pass to the public. Unfortunately since this virus is so new, there is no guaranteed way to check if a router is infected with this virus. The best course of action is to update the DD-WRT software on the router, or to use a router that does not have DD-WRT.
Read More