Router manufacturers release firmware updates on a regular basis to ensure that the router has the latest security features to prevent unwanted access to the network.

Most routers have an automatic firmware update process but sometimes, you have to manually update your router’s firmware. If you are wondering how you can update your router’s firmware, then these steps below will be of help to you.

Find the Router’s Default Gateway Address

To update your router’s firmware, you will need to access the router’s admin interface through the default gateway address.

For most routers, the IP address is http://192.168.0.1/ but sometimes it can be different. You should try this address and if this doesn’t work, you should find your router’s IP address.

You can check the bottom of your router for a sticker that contains the default IP address. If that doesn’t work, you can find the router’s IP address through the command prompt using the “ipconfig” command.

Once you have managed to find the default gateway address that leads to the router’s admin interface, type that address into a web browser and see if a login page pops up or not.

Log Into Router’s Admin Interface

Now that you are at the login page of the router’s admin interface, you will be required to enter the username and password to access the admin interface.

Most of the time, you can find these details printed on the same sticker at the bottom of the router, where you find the router’s IP address.

If you cannot find the details there, you can look on the internet for the admin username and password of your router.

In case you have changed the default login credentials and forgotten the details, you will have to factory reset the router and login using the default credentials.

Find Firmware Update Settings

After logging into the admin interface of the router, the next thing that you have to do is find the firmware settings of the router.

After logging in, you will be at the home page of the admin interface and you would want to navigate to the “Advanced” tab, as you will most likely find firmware settings there.

In some cases, routers have a dedicated settings page for firmware settings. Just look around and find the firmware section there.

Check for Firmware Update

Once you are in the firmware section, see if there is a download button available to download the latest version of the firmware automatically.

Some routers automatically check for firmware updates while for others you need to check for the firmware update yourself. In other cases, you need to download the firmware update from the router manufacturer’s website and install it by uploading it into the admin interface of the router.

Install the Firmware Update

If there is a firmware update available, click on Download/Install to update the firmware. The update process doesn’t take very long as a firmware file isn’t too big.

Once the update is installed, it may or may not be necessary for you to restart the router for changes to take effect.

You can also set your router to automatically download and install new firmware updates once they are available.

Some routers may ask you to download beta firmware automatically but it is something that you should avoid and prefer stable versions only.

Now cybercriminals can use compromised Wi-Fi routers in cafes, airports hotels and other public places to potentially infect more Android smartphones with the Wroba.o malware.

ALSO READ: Top Internet Service Providers in Nigeria 2023

At the moment, the new technique targets users in South Korea, but it can be soon implemented in other countries as well. 

Roaming Mantis (a.k.a Shaoye) is a cybercriminal campaign first observed by Kaspersky in 2018. It uses malicious Android package (APK) files to control infected Android devices and steal device information.

It also has a phishing option for iOS devices and crypto-mining capabilities for PCs. The name of the campaign is based on its propagation via smartphones roaming between Wi-Fi networks, potentially carrying and spreading the infection.

New DNS changer functionality to attack more users via public routers

Kaspersky discovered that Roaming Mantis recently introduced a domain name system (DNS) changer functionality in Wroba.o (a.k.a Agent.eq, Moqhao, XLoader) – the malware that was primarily used in the campaign. DNS changer is a malicious program that directs the device connected to a compromised Wi-Fi router to a server under the control of cybercriminals instead of a legitimate DNS server. On the malicious landing page, the potential victim is prompted to download malware that can control the device or steal credentials.

At the moment, the threat actor behind Roaming Mantis is exclusively targeting routers located in South Korea and manufactured by a very popular South Korean network equipment vendor. To identify them, the new DNS changer functionality gets the router’s IP address and checks the router’s model, compromising targeted ones by overwriting the DNS settings. In December 2022, Kaspersky observed 508 malicious APKs downloads in the country.

An investigation of malicious landing pages found that attackers are also targeting other regions using smishing instead of DNS changers. This technique employs text messages to spread malicious links that direct the victim to a malicious site to download malware onto the device or steal user info via a phishing website.

According to Kaspersky Security Network (KSN) statistics in September – December 2022, the highest detection rate of Wroba.o malware (Trojan-Dropper.AndroidOS.Wroba.o) was in France (54.4%), Japan (12.1%) and the U.S. (10.1%).

“When an infected smartphone connects to ‘healthy’ routers in various public places like cafes, bars, libraries, hotels, shopping malls, airports, or even homes, Wroba.o malware can compromise these routers and affect other connected devices as well. The new DNS changer functionality can manage all device communications using the compromised Wi-Fi router, such as redirecting to malicious hosts and disabling updates of security products. We believe that this discovery is highly critical for the cybersecurity of Android devices because it is capable of being widely spread in the targeted regions”, says Suguru Ishimaru, Senior Security Researcher at Kaspersky.

In order to protect your Internet connection from this infection, Kaspersky researchers recommend the following:

• Refer to your router’s user manual to verify that your DNS settings haven’t been tampered with or contact your ISP for support.
• Change the default login and password for the admin web interface of the router and regularly update your router’s firmware from the official source.
• Never install router firmware from third party sources. Avoid using third-party repositories for your Android devices.
• Further, always check browser and website addresses to ensure they are legitimate; look for signs such as https when asked to enter data.
• Consider installing a mobile security solution, such as special security solution, to protect your devices from these and other threats.

Threats stemming from vulnerable routers affect both households and organisations, moving beyond email compromises to physical home security. Despite this, people rarely think about the security of their devices.

According to research, 73% of users have never thought about upgrading or securing their router, making it one of the biggest threats impacting the Internet of Things today.

Here, Kaspersky experts explain what threats router vulnerabilities can pose and how users can protect themselves.

A router is the hub of an entire home network, through which all elements of a smart home access the Internet and exchange data. Infecting a router, attackers gain access to the network through which data packets are transmitted.

Using this, they can install malware on connected computers to steal sensitive data, private photos, or business files – possibly causing irreparable damage to the victim. Through the infected router the attacker can also redirect users to phishing pages masquerading as often-used webmail or online-banking sites.

Any data they enter on these pages, whether it’s their login and password from the email or bank card details, will immediately fall into the hands of fraudsters.

Since 2010, the number of vulnerabilities found in routers has been steadily increasing. In 2020, the number of discovered vulnerabilities increased to 603, about 3 times as many as the year before that. In 2021, the number of discovered vulnerabilities remained almost as high – 506. 

Out of all discovered vulnerabilities in 2021, 87 were critical. Critical vulnerabilities are the most unprotected “holes” through which an attacker can penetrate a home or corporate network.

Such vulnerabilities may let the attacker bypass authentication, send remote commands to a router, or even incapacitate it.

Doing so, operators are able to steal any data or files transmitted over an infected network, whether it’s your personal photos, private information, or even business contracts sent in an email.

Though researchers are now raising awareness about many more found vulnerabilities than before, routers remain one of the most insecure devices.

One of the reasons for this is that not all vendors rush to eliminate the dangers. 

Almost a third of critical vulnerabilities discovered in 2021 remain without any response from vendors: no patch or commentary with advice has been issued for them.

Another 26% of such vulnerabilities received only a comment from the company, which most often include recommendations to contact technical support.

Alongside attackers’ increased activity, consumers and small businesses don’t have the expertise or resources to identify or understand a threat before it’s too late.

For instance, as mentioned, 73% of users have never thought about upgrading or securing their router, making it one of the biggest threats impacting the Internet of Things today. 

This is especially dangerous when routers are used in sensitive environments such as hospitals or government buildings, where a data leak could potentially have a severe impact.

“Despite the speed with which technology is coming into our lives, the level of cybersecurity hasn’t kept pace. Many employees have been working from home for the past two years, but the security of routers hasn’t improved over this time – they’re still rarely updated. Therefore, the risk that router vulnerabilities could be abused by cybercriminals remains a concern in 2022. What’s important is to prevent a threat as early as possible, since people usually find out about an attack when it’s too late – after money has been stolen,” comments Maria Namestnikova, Head of the Russian Global Research and Analysis Team (GReAT) at Kaspersky. “When you buy a router, network security should be as much of a priority as data transfer speed and price. Read reviews and note how quick the manufacturer resolves reported issues. And don’t forget to update your router as soon as the developer releases a patch to avoid losing sensitive data and money,” adds Maria.