[Originally published 2014-05-31]
Recently, one of my customers had an issue whereby their modem-router was 'hijacked'.
The symptoms were that if they used the Google search engine, the search engine wouldn't work; instead, the screen would display something to the effect that their Adobe Flash Player (the software responsible for generating animated and interactive web content) was out of date. (See image from link below)
Attempts to update it automatically would fail with an error message. If directly downloaded from Adobe's website, Flash would not update as it was already up-to-date on the afflicted Mac.
At first, only one late model Mac had this issue, which couldn't be solved by the standard troubleshooting procedures. When another late model Mac got it, too, this suggested something nefarious. Online research for the issue revealed that the Macs were mostly fine. Both the cause and the fix lay with the modem-router, which had been hacked, so any of the Macs could potentially have exhibited similar symptoms.
Other, later symptoms included the Mac reporting that Internet Explorer needed updating. Since Internet Explorer only runs on Windows, which wasn't installed on any of the Macs, I suspect that Macs were immune from the worst intents of the hackers, whose basic efforts meant the victim's web browser was being redirected to the hackers' version of the most popular websites to intercept passwords and install malicious code onto Windows PCs. But, if Facebook, iCloud, and other Internet-based services were also targeted, then it could be serious for any user saving confidential data there.
Hit the image below for a link to one of many news reports on the issue, or simply Google "300,000 modems hacked".
Hijacked Modems
If I understand the news reports, it sounds like a Serbian web host registered in the UK, but physically in the Netherlands, is responsible for the hijacking of cheap routers with known vulnerabilities. The weakness in the routers was known for over a year and some manufacturers had issued firmware (a type of software programming for the device) updates to prevent reoccurrences of the problem. So, if you have a cheap router that hasn't had a recent firmware update, it may be at risk.
Although the above news report makes it sound like all Macs would be equally affected on the network, this isn't the case if the Macs have their DNS manually set, instead of being configured to use the router's settings.
Putting your own password on the router's admin interface isn't enough to prevent it being hacked in the first place, but, for affected routers, a temporary fix may be to simply do a factory-reset, or at least change the DNS settings on the router to those recommended by the ISP. Note that afflicted Macs may also need to have their DNS settings reset, and the web browser cache flushed, too.
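To see which DNS servers a Mac is actually using, the check below can help. It is an added example, not part of the original article: the function names `audit_dns` and `sample_output` are made up for it, and the addresses in the sample are constructed placeholders standing in for your ISP's recommended servers.

```shell
#!/bin/sh
# Classify the DNS servers listed in `scutil --dns` style output (macOS).
# Arguments: the resolver addresses you expect, e.g. those your ISP recommends.
audit_dns() {
    expected=" $* "
    # Collect each unique address from the "nameserver[N] : ADDR" lines.
    awk '/nameserver\[[0-9]+\]/ { print $3 }' | sort -u |
    while read -r addr; do
        case "$expected" in
            *" $addr "*) echo "expected   $addr"; continue ;;
        esac
        case "$addr" in
            # Private or link-local address: the Mac is asking the router,
            # so the DNS setting inside the router decides where lookups go.
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|fe80:*)
                echo "router     $addr" ;;
            # Public address that is not on your list: investigate.
            *)  echo "UNEXPECTED $addr" ;;
        esac
    done
}

# Constructed sample in the format `scutil --dns` prints; the addresses are
# documentation-range placeholders, not real DNS servers.
sample_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.7
  if_index : 4 (en0)

resolver #2
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
EOF
}

# On a real Mac, run:  scutil --dns | audit_dns <your ISP's DNS addresses>
sample_output | audit_dns 203.0.113.53
```

A "router" line means that Mac takes its DNS from the modem-router, so the DNS servers shown in the router's admin page also need comparing against the ISP's recommended ones.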
In the case of my customer, the modem-router was manufactured in 2010 and the latest and last firmware was issued in 2012 – being a couple of years too late to likely prevent any of this 'hijacking' – so a new modem-router, one recommended by their ISP, was installed.
Installing a modem-router recommended by the ISP means that not only is the modem likely optimised for their network and support, but the ISP's reputation is also at stake, so they should be offering a good device not likely to be hacked.
In any case, do change the default password on your modem-router; there are other things that can be done to minimise such attacks, too.
If you need any further advice, you can contact eSage for support on this for both home and office.