Your home wireless router is a powerful little device.
Its powers are almost always used for good, like making sure all the devices in your home can get on the Internet, granting them shared access to printers and files, and keeping intruders out of your network.
A router can sometimes be corrupted and its powers can be used for evil.
Cybersecurity provider WordFence has been tracking a wave of attacks targeting websites that run the very popular WordPress software.
Those attacks, they discovered, are being carried out by an army of routers. WordFence observed attacks coming from more than 10,000 distinct IP addresses.
Some devices participated in as few as 50 attacks in a one-month period, others in as many as a thousand.
How did someone turn thousands of routers into a botnet army? By abusing the system that Internet providers use to push updates to them.
Because the routers were not properly secured, attackers were able to push malicious code using the TR-069 remote management protocol.
This certainly isn’t the first time that routers have been infected en masse and used to launch attacks.
Just last year in Germany, more than 900,000 routers were infected with a variant of the Mirai worm using the very same point of access.
Five years ago in Brazil, millions of DSL users had their connections hijacked in a similar incident. A poorly-secured router update channel was to blame in that incident, too.
If there’s good news in the WordFence report, it’s that your router is almost definitely not involved in these attacks.
97% of the attacks came from devices located in Algeria, with others in the Philippines and India also joining in.
For now, at least, your router isn’t the bad guy. WordFence did, however, spot 16 million devices in the U.S. alone that are exposing the same configuration port that was used to hijack the routers used in these WordPress attacks.
Hopefully your ISP has taken the appropriate steps to make sure hackers can’t sneak in the back door.