What's new

How to prevent being hacked again - Router & devices? 😢

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

MadonnaMustache

New Around Here
Hi. Our home network and devices have recently been hacked.

It looks like our router was infected first, which led to our devices being compromised using MITM attack, keyloggers, changing settings, passwords and stealing personal data. This all happened over a period of time, so it took a while to figure out what was going on.

How can I prevent this from happening again - or at least miminise the risk?

- Router: What settings are recommended to prevent rogue access? What should be locked down in terms of protocols, ports and admin? I'd like to aprove each device added. Should I whitelist MAC addresses, or bind MAC to IP and whitelist that, or something else?

- Mobile phones (Android) and PC/Mac: What should one do here to prevent any issues in the future? Anything that can notify one early on of interference, manipulated traffic or someone snooping?

- I have been using AdGuard on our mobiles and PC/Mac. However, I'm a bit worried that installing its Security Certificate to block trackers and ads in HTTPS traffic could have weakened the security of our devices and contributed to the MITM attack. Is it safe to leave its Personal CA, or should I remove it and just stick with HTTP filtering? Thoughts?

- Anything else one should think about? Adding 2FA where possible. Authy seems good.

Many thanks, I look forward to your suggestions. 🙏
 
How do you know your router got hacked? Most hacks come from inside your network, e.g. infected client devices.

You don't provide any information at all about your router or how it was configured. But in general don't enable any form of remote access to it from the internet.

Hi there,

How would you disable remote access?
 
How would you disable remote access?
Often it is disabled by default and you have to purposefully enable it. However, it is dependant on the particular router in question, which again you have provided zero information about. I'll also ask again, what makes you think your router was hacked?
 
Zyxel NR5103E

Whatever happened on your network most likely originated from your LAN side - infected personal device or rogue IoT. I'm sure this 5G gateway is locked down by default and perhaps your mobile data operator uses private IPv4 addresses behind upstream firewall with no port forwarding. IPv6 may or may not be enabled on it.
 
Whatever happened on your network most likely originated from your LAN side - infected personal device or rogue IoT. I'm sure this 5G gateway is locked down by default and perhaps your mobile data operator uses private IPv4 addresses behind upstream firewall with no port forwarding. IPv6 may or may not be enabled on it.
Thanks for that! Is there anything I can do to prevent rogue IoT devices?
 
Thanks for that! Is there anything I can do to prevent rogue IoT devices?
Do not power them up and connect (any/all IoT) devices to your network.

Yes, even in 2024, they're still all rogue.
 
Nothing.

Either live with that or better yet, discard them.

If they need an internet connection, and they are connected, they are not secure. Period.
 
Use a different firewall or switch OS if you can and then you can restore everything. Putting everything back the way it was, you will end up hacked the same way.
 
Use a different firewall or switch OS if you can and then you can restore everything. Putting everything back the way it was, you will end up hacked the same way.

I factory reset the router, changed the admin password, changed the default SSID names, changed the passwords, made them different.
 
Look at how IoT devices are made, who they're made by, and how little they go for. Matter? What will that do to change their base defects and corruptible design? Nothing.

I factory reset the router, changed the admin password, changed the default SSID names, changed the passwords, made them different.

Do it all over again, if you haven't already, without being connected to the internet (no USB devices and/or any WAN/LAN cables connected to the router at all), from a trusted PC.

I have had many experiences (many decades ago) where plugging into the internet at that time (bare public IP!!!) would immediately infect the PC I was trying to fully update and protect. Same thing here, except it's with the router this time (the only outwardly facing thing you should ever have on your network.

ONLY AFTER IT IS FULLY SET UP AND PREPARED/READY TO STOP SUCH INFECTIONS.


To be clear:

  • Take the router out of the package.
  • Use only a trusted PC that you have downloaded all needed files too (it will be offline too while configuring the new router).
  • DO NOT PLUG IT INTO THE NETWORK OR YOUR ISP EQUIPMENT. YES, DO THIS WIRELESSLY, ONLY.
  • Find the appropriate WPS Button reset method for your model
  • Perform a 'dummy' (i.e. a temporary) setup and fully reset the router via the GUI, be sure you click the box to 'Initialize all settings..." too, before hitting Restore.
  • Perform another 'dummy' setup and flash the firmware you want to use (i.e. RMerlin's superior fork).
  • Verify that the RMerlin firmware 'took', then perform another 'Hard Reset'.
  • At this point, you can configure the router (offline) as far as you can.
  • When you are ready to plug it into the network, it should be fully functional and as secure as possible. At least for basic internet service.
The above process takes less than 15 minutes on modern routers. Before anyone moans about the time this needs to be performed properly.

This has been my baseline for myself and my customers for years now. At this point, I feel as secure as I can be that the router and network are as safe as possible, with the smallest chance of getting hacked (out of the box).
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top