How to Tell if Someone Hacked Your Router & How to Fix It

How to Tell if Someone Hacked Your Router & How to Fix It

1 Star2 Stars3 Stars4 Stars5 Stars (46 votes, average: 4.02 out of 5)
Loading...

Make sure you know what to do if your network is hacked via your router and the steps you can take to resolve the issue!

Wondering how to tell if someone hacked your router? We’ll cover some common “router hacked” signs and how to fix a hacked router. But first, let’s go over what a router is and the role it plays in your online world.

Routers are like the directional signs of the internet – routing traffic down the correct path. Like direction signs with street intersections, routers are placed in between where two or more parts of the internet intersect. So, when you’re connecting to “Wi-Fi” or “the internet”, it’s actually your router that you’re connecting to:

how to tell if someone hacked your router graphic of network connections
A screenshot example of a wireless network that your router could connect to.

Every single thing any device in your home does “on the internet” is sent through your router. So, if a hacker takes control of your router, they can theoretically see and/or control everything you do on the internet.

Your router is vital to your home network’s ability to work properly and handle sensitive data. The last thing you’d want is for it to get hacked! That’s why it’s so important to know how to tell if someone hacked your router and how to fix a hacked router.

How Do Routers Get Hacked?

Before we get into the specifics of hacked router signs, let’s explore how routers get hacked in the first place. Your router can get hacked any number of ways. Two of the most common are the following:

You’ve Enabled Remote Management

There is something called remote management. If you enable remote management, this means you can access your router from a remote location by connecting through the internet. If remote management is enabled, this could be an opening for a hacker to take control of your router (more on this later).

There Are Vulnerabilities On Your Network

Vulnerabilities, such as using weak passwords and having outdated software in the router’s firmware can be another way for a hacker to take control of your router.

In the Avast Threat Landscape 2019 Predictions Report, Avast research shows that in 2018, “60% of users around the world have never updated their router’s firmware, leaving them potentially vulnerable to fairly simple attacks that exploit firmware vulnerabilities.” This goes to show that the majority of people don’t know how to protect their routers, or they don’t realize would could happen if they don’t.

What Could Happen If Your Router Gets Hacked

Once a hacker takes control of your router, things can get ugly quite quickly…

  • Hackers Can Steal Your Data — Once a hacker is in, they pretty much have free range to steal what data they want. This could be passwords, emails, social media messages and any other type of personal data you put on the internet.
  • You Could Be the Target of DNS Hijacking — Hackers can also perform something called DNS hijacking, which is a DNS attack that involves rerouting users to websites they weren’t intending to go to. A common place a hacker would reroute a user to is a phishing website that is disguised like a website they were intending to go. If a hacker gets into your router, they could overwrite your DNS settings and send you wherever they want. 
  • You May Find Yourself on the Receiving End of Malware & DDoS Attacks — Hackers could inject malicious code snippets (malware), which could compromise your entire home network, or use your router in a DDoS attack (distributed denial of service). This is when a hacker uses a network of hacked devices to flood their target (typically another network or website), which blocks users from being able to visit it.

Hacked routers are no joke. For example, the FBI issued a warning in 2018 about something called VPNFilter malware. The release says that foreign cyber actors “used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.” They FBI also speculates that the malware targeted routers that were produced by several manufacturers and “compromised hundreds of thousands of home and office routers” as a result.

How to Tell If Someone Hacked Your Router

With all this talk about how dangerous a hacked router is, I’m sure you’re wondering what signs to look out for to know if your router is hacked. Here are a few “hacked router signs” to look out for:

Your Login Credentials Don’t Work

Passwords suddenly not working is never a good sign. This is no different when it comes to your router. If your Wi-Fi password or login to your router’s admin interface aren’t working, this could be a sign that a hacker has gotten into your router and changed it to lock you out.

how to tell if someone hacked your router graphic of a router's login page
An example of what your router’s admin interface login page could look like.

You Notice Unknown IP Addresses on Your Network

If you’re logged into your router’s interface, you should regularly check the list of IP addresses utilizing your network. If you see an unknown address (especially a foreign one), this will most likely mean that a hacker has accessed your router. So, for our next method of how to tell if your router got hacked, check for any unknown IP addresses.

how to tell if someone hacked your router screenshot of a router's wireless client list
An example of what page you should visit to check for unknown IP addresses. Just note that this page may look different depending on the type or brand of router you use.

You’re Redirected to Unintended or Unknown Websites

Going back to DNS hijacking and hackers rerouting you to dangerous websites we were talking about a minute ago… this is another sign of a hacked router. If you’re trying to visit your regular round of websites and you keep getting redirected to websites you weren’t intending to visit, then this could be a sign of a hacked router using DNS hijacking.

You Receive Ransomware Messages

Okay, this is the last item on our list of how to tell if someone hacked your router. Ransomware is a type of malicious software hackers use to withhold access to your data in exchange for an extortion payment. If a hacker has gotten into your router, they can very easily withhold access to your network.

But what do you do if you receive an email or some other form of communication from a hacker demanding payment in exchange for access to your network? the FBI recommends not paying the ransom demand and says to contact your nearest FBI field office or report it at tips.fbi.gov.

How to Fix a Hacked Router in Six Easy Steps

If you’ve seen the signs of a hacked router, then you surely want to act fast to get it fixed. Here are the steps you should take if you think your router is hacked.

Step 1 — Disconnect from The Internet

By disconnecting your router from the internet, the hacker loses their ability to access the router since there’s no longer a connection.

Step 2 — Reset Your Router

By performing a factory reset, your router will reset your settings and passwords. This allows you to have a clean slate with the router. There should be a physical reset button directly on the router to help you accomplish this task.

Step 3 — Change Your Passwords

Once your router is reset, log in to your router admin interface and reset the password. Please note that when you reset your router, your login information will have reverted to the default, factory-set username and password. There should be a sticker on your router that details the default login credentials for reference. Also, to log in to your router’s admin page, you must know your router’s IP address.

Screenshot of a router's system setup screen
An example of what your router admin interface page could look like.

When you reset your password, make sure to use a unique, lengthy and complex password that’s also easily remember, such as a phrase like MyFavoriteEatery78910. You should reset the password for your router admin interface and your home Wi-Fi. After doing these first three steps, you’ll have hopefully locked the hacker out of your network.

Need help creating a secure password? You can check the strength of any passwords you create using a tool like security.org’s password checker. Using that tool to check the passphrase “Mustard4Saltydogs,” I got the following result:

Screenshot of security.org's password checker tool
A screenshot of the results of security.org’s “How Secure Is My Password?” tool.

Step 4 — Contact Law Enforcement (If Necessary)

This goes back to the ransomware situation. Ransomware is a serious crime and should be handled as such. Whether you can get in and change your passwords after a reset or not, you should report the crime. In addition to reporting the crime, the FBI also recommends rebooting your router, resetting your password and the next few steps on the list…

Step 5 — Update Your Firmware

Routers don’t always update on their own, that’s why it’s important to update its firmware manually. Firmware is software that controls certain aspects of your router’s hardware. Updates are important as they help patch vulnerabilities, which could be a prime target for a hacker looking to get back into your router.

Step 6 — Turn Off Remote Management

Remote management allows you to access your network from a remote location. It’s quite convenient when you’re out or traveling, but this feature also makes it easy for hackers to control your network and computers from virtually anywhere.

If this is turned on and a hacker has access to it, that means they can take control of your desktop and download, upload, or do pretty much whatever they want. Turn it off!

Wrapping Up on Hacked Router Signs & Solutions

We hope we’ve answered the question “how to tell if someone hacked your router?” Our hope is that you won’t ever have to experience a hacked router situation again as it can be a pain to work through. If you do, though, we hope these tips help you work through and remove the hacker from your network.

As you move forward with a more security-oriented mindset, there a few more tips you should implement to prevent a hacker from gaining unauthorized access in the future:

  • Regularly change your router admin and Wi-Fi passwords.
  • Consistently update your firmware.
  • Monitor IP addresses listed on your admin page.
  • Use a “guest network” for your home visitors to limit access to your home network.
  • Don’t use WPS (Wi-Fi Protected Setup). The word “protected” is loosely used here, as this feature is notoriously insecure. It allows you to push a button on your router and instantly join the network. Any process that eliminates the need for a password (if not more protection) is usually not a good idea for security.

I hope this article helps you recognize the signs your router is hacked, how to fix a hacked router, and what you can do to keep hackers away from it going forward!

About the author

Danny is a writer and editor with a background in journalism, marketing and communications. He is a tech enthusiast and writes about technology, website security and cyber security.