November 2016 will go down in history as a month where the unexpected actually happened. First, the Chicago Cubs, after a 108-year drought, won the World Series. Next, Donald Trump won the U.S. presidential election. Now, as this tumultuous month draws to a close, a massive attack against nearly one million home routers of Deutsche Telekom AG customers has knocked them offline. But was this also unexpected? Or was it the latest in a long line of Hacks of Mass Destruction, and the scariest one yet?
Let’s review our definition of a Hack of Mass Destruction, a term we invented back in the halcyon days of 2014:
An ISP provided the same equipment to many of its subscribers. Check.
Deutsche Telekom provided the Zyxel and Speedport routers to many of its subscribers.
This equipment was flawed. Check.
The Zyxel and Speedport routers are vulnerable. Attackers exploit this vulnerability through the TR-069 and TR-064 protocols, which ISPs, including Deutsche Telekom, use to remotely manage hundreds of thousands of internet devices.
Hackers exploited this vulnerability and launched a massive attack. Check.
The hackers tricked the vulnerable routers into downloading and executing malicious code. The hackers could crash the infected routers or turn them into remotely controlled “bots” for launching large-scale attacks against websites and other computer systems.
What to do if you are a victim of this attack
There is a firmware update available for your router that fixes this problem. (Firmware is software for your router.)
- Turn off the power on your router.
- Take a few deep breaths, and count to 30 (seconds).
- Turn the power back on.
When the router restarts, it will retrieve the newly released firmware update from the Deutsche Telekom servers.