Do you need to upgrade the firmware on your home or office wireless router to counter risks from the Heartbleed vulnerability? Before upgrading your router's firmware, you should check the support website of your router vendor to find out if your device is affected.
One option is to use a search engine: query “My Router Type and Heartbleed” and you should get results pointing to sites where you can find more information on whether your device is affected. Some site links are provided at the end of this post (note: not all routers are affected, as some vendors do not use OpenSSL).
There are two possible ways to ensure you’re protected: the first is to auto-update your firmware and the second is to manually download the fix/firmware and install it yourself. Each router's interface is different, so you should refer to the user manual for your device for the precise steps to update the firmware.
General Auto Update:
Step 1: Log in to your router. Typically you open a browser and type https://192.168.0.1 or https://192.168.1.1; one of these should get you to the login screen of your router. If not, please refer to your router's user manual, which will also include the default “username” and “password” for logon.
Step 2: Once logged in, find the “system” or “admin” area in your router and then look for the “Update Firmware” option.
Ex: On a Cradlepoint router, once you log in…
- Drop the menu down for “System Settings” and then choose “System Software”
- Click the “Check Again” button next to “Available Firmware Version”
- If there is an update available, you will see the “Automatic (Internet)” button
- Click the “Automatic (Internet)” button… Your firmware will be downloaded and installed
- Once installed the router will reboot (normally) and you will be back in business
General Manual Update (DLink Shown – Please refer to your vendor user manual for the proper steps)
To upgrade the firmware on your router, please go through the following steps:
Step 1. Download the latest firmware from your vendor's support site (you may need to Google for it) and unzip the files to a folder on your computer where you can locate them easily. (If you can’t unzip the files, you may need WinZip/7Zip for Windows, or Stuffit for Mac).
Step 2. Once you’ve downloaded and unzipped the firmware, open a web browser such as Internet Explorer or Firefox and enter the IP address of your router (192.168.1.1).
Step 3. The default username is normally admin (all lower case) and the default password is admin (not on all devices, check your user guide). Click Login.
Step 4. From here you need to navigate to the area where you install the system software or firmware. For instance, on “DLink” routers you would click on Tools and then the Update Gateway button on the left side. Click on the Browse button and browse to the firmware file you downloaded and unzipped in Step 2. Highlight the file by clicking on it once and click Open.
Step 5. Click the Update Gateway button. It will start copying the files across. Once the file has gone through and the unit has rebooted, log in again.
Step 6. Now click on the Browse button again and browse to the firmware file you unzipped in Step 2. Highlight the file by clicking on it once and click Open.
Step 7. Click the Update Gateway button. Once the upgrade has finished, the unit will reboot. Once the unit has rebooted and you are logged in, go to Tools and Update Gateway. The current firmware version should now show the new version of the firmware.
Step 8. The router may need to be factory reset before use. Disconnect the power to the router, then plug it back in and wait 20 seconds. Then, hold the Reset switch on the back for 10 seconds. Then you can configure the router as per your requirements. Once everything is configured, plug in the ADSL line.
CradlePoint – (firmware needed for some router models):
Belkin Memo (not affected):
Linksys Memo (not affected):
It’s also not a bad idea to run a scan in your home or office environment to see if your systems are vulnerable to the Heartbleed vulnerability. You can check your systems using Tripwire SecureScan, a free vulnerability scanning service for up to 100 IPs on your internal network.
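Alongside a scan, you can triage the OpenSSL version strings your devices report. The following is an added example, not part of the original post or any vendor tool: the function names are hypothetical and the inventory is constructed sample data. It flags versions in the release range that shipped the Heartbleed bug (1.0.1 through 1.0.1f and the early 1.0.2 betas).

```python
import re

# Constructed sample inventory: device name -> version string as it might appear
# in `openssl version` output, an HTTP Server header or firmware release notes.
SAMPLE_INVENTORY = {
    "office-router": "OpenSSL 1.0.1e 11 Feb 2013",
    "home-router": "OpenSSL 1.0.1g 7 Apr 2014",
    "nas": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8y",
    "lab-gateway": "OpenSSL 1.0.2-beta1",
    "camera": "lighttpd/1.4.31",
}

_VERSION_RE = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?", re.IGNORECASE
)

def classify(version_string):
    """Return 'affected', 'not affected' or 'unknown' for one version string."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"  # no OpenSSL version visible; check the vendor advisory
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()
    beta = (m.group(5) or "").lower()
    if release == (1, 0, 1):
        if beta:
            return "unknown"  # 1.0.1 pre-releases are not classified here
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g carries the fix.
        return "affected" if letter <= "f" else "not affected"
    if release == (1, 0, 2):
        # Only the early 1.0.2 betas shipped the bug; beta2 and later are fixed.
        return "affected" if beta in ("beta", "beta1") else "not affected"
    return "not affected"  # 0.9.8, 1.0.0 and other branches

def triage(inventory):
    """Map each device name to its verdict."""
    return {name: classify(version) for name, version in inventory.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:15} {verdict}")
```

Treat the verdict as triage only: some vendors and distributions backport the fix without changing the reported version letter, so confirm an "affected" result against the vendor's advisory.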
And be sure to join us for the webcast Heartbleed Outpatient Care: Steps for Secure Recovery on Thursday, April 17, 2014 1:00 PM EDT/10:00 AM PDT where we will be discussing the need for a robust security strategy for rapid reaction to vulnerabilities and threats.
In this webcast we will examine:
- The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
- How you can identify your business exposure and what systems are vulnerable
- How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed