Malicious WiFi & Websites: How to Stay Safe

TL;DR

A malicious WiFi router can redirect you to a fake (malicious) website, even without your explicit permission. This is usually done through DNS hijacking or by exploiting vulnerabilities in the router itself. Protecting yourself involves using strong passwords on your router, keeping its firmware updated, and being cautious about connecting to unknown WiFi networks.

How a Malicious Router Can Redirect You

  1. DNS Hijacking: Your computer asks a DNS server (usually provided by your internet service provider or the router) to translate website names (like google.com) into IP addresses. A malicious router can be configured to give you the wrong IP address for legitimate websites, sending you to a fake site instead.
  2. Router Vulnerabilities: Routers have software called firmware. If this firmware is old or has security holes, attackers can take control of the router and change its settings (including DNS).
  3. Man-in-the-Middle Attacks: A malicious router positioned between you and a legitimate access point can intercept your traffic and redirect you to harmful websites. This requires more sophisticated setup but is possible.

How to Protect Yourself

  1. Strong Router Password: Change the default password on your WiFi router immediately! Use a strong, unique password (at least 12 characters with a mix of letters, numbers and symbols).
    # Example - don't use this exact one!
    P@$$wOrd123
  2. Keep Firmware Updated: Router manufacturers regularly release updates to fix security problems. Check your router’s settings (usually through a web browser) for firmware updates and install them promptly. The location of the update setting varies by manufacturer; consult your router’s manual.
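  3. Use HTTPS: Websites using HTTPS encrypt your connection, making it harder for attackers to tamper with your traffic. Look for “https://” at the beginning of website addresses and a padlock icon in your browser’s address bar. If your browser shows a certificate warning for a site you normally reach without one, do not click through it: a server you were redirected to normally cannot present a valid certificate for the real site’s name.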
  4. Be Careful with Public WiFi: Avoid connecting to unknown or unsecured WiFi networks. If you must use public WiFi, use a Virtual Private Network (VPN) to encrypt your internet connection.
  5. Check DNS Settings: Verify that your computer is using trusted DNS servers. On Windows:
    1. Open Control Panel → Network and Internet → Network Connections
    2. Right-click on your WiFi adapter → Properties
    3. Select “Internet Protocol Version 4 (TCP/IPv4)” → Properties
    4. Check if DNS server addresses are correct. Consider using public DNS servers like Google’s (8.8.8.8 and 8.8.4.4) or Cloudflare’s (1.1.1.1).
  6. Router Security Features: Many routers have built-in security features, such as firewalls and parental controls. Enable these features to add an extra layer of protection.
  7. Monitor Connected Devices: Regularly check the list of devices connected to your WiFi network through your router’s settings. If you see any unfamiliar devices, investigate them immediately.
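
To go one step further than reading the DNS settings in step 5, you can compare what the network's resolver answers with what a trusted public resolver answers for the same name. The script below is an added example, not part of the original article; the function names, the router address 192.168.1.1 and the test name example.com are assumptions for illustration.

```python
import ipaddress, secrets, socket, struct

def build_query(name, txid):
    """Encode a recursive A-record query (RD flag set) for `name`."""
    qname = b"".join(bytes([len(l)]) + l for l in name.rstrip(".").encode("ascii").split(b".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return pos + 2
        pos += 1 + msg[pos]               # skip length byte plus label
    return pos + 1

def parse_a_records(msg):
    """Return the set of IPv4 addresses in a DNS response's answer section."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    pos, addrs = 12, set()
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4     # name, then QTYPE + QCLASS
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.add(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen                      # also skips CNAME and other record types
    return addrs

def resolve(name, server, timeout=3.0):
    """Ask `server` directly over UDP port 53, bypassing the OS resolver settings."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        reply, _ = s.recvfrom(4096)
    if struct.unpack(">H", reply[:2])[0] != txid:
        raise ValueError("transaction ID mismatch")
    return parse_a_records(reply)

def classify(local, trusted):
    """Compare the network resolver's answer with a trusted resolver's answer."""
    if any(not ipaddress.ip_address(a).is_global for a in local):
        return "suspicious"               # public name mapped to a private/reserved IP
    return "consistent" if local & trusted else "differs"

if __name__ == "__main__":  # assumed: 192.168.1.1 = router resolver, example.com = test name
    print(classify(resolve("example.com", "192.168.1.1"), resolve("example.com", "1.1.1.1")))
```

A "differs" result is common for large sites that serve different addresses per resolver, so treat it as a prompt to check the site's certificate rather than as proof of hijacking. A router can also intercept port-53 traffic addressed to the public resolver, so a "consistent" result does not clear an untrusted network.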

What if You Think You’ve Been Redirected?

  1. Disconnect from WiFi: Immediately disconnect from the WiFi network.
  2. Run a Malware Scan: Use a reputable antivirus program to scan your computer for malware.
  3. Change Passwords: Change passwords for important accounts (email, banking, social media) as a precaution.
  4. Contact Your ISP: If you suspect your internet service provider’s DNS servers are compromised, contact them immediately.