cancel
Showing results for 
Search instead for 
Did you mean: 

What are the chances my Plusnet router has been hacked?

BD894
Hooked
Posts: 5
Registered: ‎14-09-2020

What are the chances my Plusnet router has been hacked?

Hello there, Question from a non techy user here so please bare with me, bit of a long winded explanation but I wanted to make sure I’ve covered everything.

I’ve been having a few issues with email accounts over the past couple of months, constantly resetting passwords etc. One spam email scared me last week as it was an almost exact replica of a genuine one I had received (from my doctors surgery) I was then getting phonecalls (from a French number) pretending to be from my doctors surgery and encouraging me to answer the phone (I only know this because they also left voicemails). I blocked and ignored and thought that was the end of it. Then came Friday (11th Sept) I’d been looking around for some antivirus software when I noticed in my phones settings (I have a Samsung S9) a link for a security package with Mcafee, it was an unbeatable deal so I went with it. That’s when I made a rookie error, they emailed me a link to download the antivirus app (also sent one to IPad and I installed there too) and it was immediately after I realised what I’d done, the apps wasn’t to be found anywhere on the system and I started to have strange activity within both devices, web browsers redirecting, passwords not being censored, verification codes being sent from spam email accounts posing to be Apple/Facebook etc. (The original email where I believe I downloaded the malware from has totally disappeared from my email account, as have the text messages which was sent pretending to be from Apple)

I decided to take a look into my router settings, My IPad has been set to have a static IP (I definitely didn’t do this, think I’ve managed to fix it now but for a while no matter how often I changed the setting it was just switching back) I also noticed in my Plusnet account that the firewall had been switched to off, (back on now hopefully it will stay that way) when I try to manage my webpage settings from my Plusnet account it just brings up a white screen. My Plusnet account also states that I can’t change any settings due to an outstanding order (I joined in March and haven’t made any changes since - it says I’m waiting for my Hub One to arrive but it’s definitely already here hehe) another thing in my router log in page it says last update unknown at the bottom of the page so I’m unsure if my firmware is as up to date as can be.

 

I’m waiting for support from Apple and Samsung in regard to my devices but the issues with the static IP and unable to change account settings has been on going for a couple of weeks now. I’ve also had an excessive amount of remote administration showing up in the router event log starting to feel overwhelmed and out of my depth with it all so I’m hoping someone here with more knowledge than me in this area can give some advice as to any problems what may be occurring with my router or if someone from Plusnet can somehow do a security check up on my network.

 

 

10 REPLIES 10
markhawkin
Pro
Posts: 407
Thanks: 58
Fixes: 8
Registered: ‎17-07-2016

Re: What are the chances my Plusnet router has been hacked?

@BD894 

While impossible isn't a word I would use in connection with IT I very much doubt your Plusnet supplied router has been hacked. A reset on that will generally do no harm.

On the assumption that everything of value is backed up in the Apple/Android systems personally I would factory reset both devices and start again.

All purchases (apps & media) vie their stores should be available to download again.

It sounds a bit like you may have had your email account hacked although the major email platforms have some form of device authentication.

Assuming you have a computer and you are reasonably certain it is "clean", log into your email provider and see if you recognise the devices that the email provider lists.

As an example see this for GMail:

https://support.google.com/accounts/answer/2544838

 

I am the satisfied customer....
BD894
Hooked
Posts: 5
Registered: ‎14-09-2020

Re: What are the chances my Plusnet router has been hacked?

Hi, thank you for your reply. Yep I've Factory reset both devices and it hasn't fixed the issue unfortunately, hopefully I'll have more answers today after a trip to the Samsung store.

I think you're right re: the email accounts, on looking into the security/recent log ins it does look like there was a successful sync once in Germany and again in America, this is while having 2-FA set up I should add. I've decided to abandon these email accounts and I'm going to try and get them closed down.

I just thought I'd ask about a potential router hacking as I didn't want to do all the leg work setting up new accounts just for them to be compromised again when I switch back to WiFi.

Just wondering should there be a date at the bottom of the router log in page to indicate the date the hub was last updated, thanks again
BD894
Hooked
Posts: 5
Registered: ‎14-09-2020

Re: What are the chances my Plusnet router has been hacked?

Just an update after a visit to Samsung store, they advised 'flashing' the device with their own software to override any previous software. For whatever reason this was blocked, even the tech guy in the store was scratching his head.. he said he hasn't come across this before but basically all updates/wipes of the phone have somehow been blocked by whatever malware/virus got into my devices. It's now been sent off to have a whole new board fitted into it. 

 

At this point I think I'm gonna give Plusnet a call for some peace of mind, also even though I didn't download anything onto the laptop I think this may have been compromised too because it's showing up as though I'm connected to 2 Wi-Fi routers (both identical and posing to be my router) one network is private one is public?  Something very strange is going on here.

wakeman
Aspiring Pro
Posts: 238
Thanks: 54
Fixes: 3
Registered: ‎20-04-2020

Re: What are the chances my Plusnet router has been hacked?

hi @BD894 

It sounds like your email at least has been attacked and possibly your computer.

Two basic things to do on your router is change the admin password (remember it), and the other on the Wi-fi settings change your SSID name and change the password on that as well.  You will need to change the password connection password in your mobile devices to match the new password.

I suggest you do a full scan with malwarebytes on your computer.  You could then look at getting the 'Plusnet protect' which is basically McAfee security program provide through Plusnet. 

markhawkin
Pro
Posts: 407
Thanks: 58
Fixes: 8
Registered: ‎17-07-2016

Re: What are the chances my Plusnet router has been hacked?

The two wireless networks may well be true in that it may be seeing the two WiFi bands separately.

 

Malwarebytes is good (the free version is usually sufficient) for peace of mind.

 

My best guess is that it's your email account that has been hacked.

 

If you access your email via the browser on the computer that may be how it was done (Malwarebytes should find anything in that area).

 

 

I am the satisfied customer....
Baldrick1
Seasoned Hero
Posts: 6,006
Thanks: 2,656
Fixes: 177
Registered: ‎30-06-2016

Re: What are the chances my Plusnet router has been hacked?

Maybe I'm over cautious but if I had been caught like this I would assume that everything had been compromised. I would change my Plusnet password and any password stored on any of the devices. Then stop using email addresses and change to new ones. Factory reset the Hub plus Apple and Android devices and totally wipe and clean install Windows based devices from scratch.

One hell of a lot of work but I would never trust any of my devices until this was done.

 

BD894
Hooked
Posts: 5
Registered: ‎14-09-2020

Re: What are the chances my Plusnet router has been hacked?

Hi guys thank you for the replies, all confirmed my first instincts however none of these steps worked. Even malware bytes isn’t picking this one up. Factory reset button (just to clarify yes the tiny pin-hole sized button on the back) on the router is not working as it should, tried it twice myself and a third time whilst on the phone to Plusnet.. it’s registering as a reset but will not factory reset at all - same issue I had with the phone. I’ve give up with the IPad it’s out of warranty and would cost me way more to replace the motherboard than it would just buy a brand new one :(. So in conclusion to this post yes it would appear my router is also compromised and I’m waiting for a new one to be delivered. At least I’m getting near the end of this nightmare now.. I hope. I’m told what’s happened though is incredibly rare so for anyone potentially following this post do not be alarmed if you’re experiencing similar.. unless like in my case you specifically know you pressed a bad link.
BD894
Hooked
Posts: 5
Registered: ‎14-09-2020

Re: What are the chances my Plusnet router has been hacked?

Certainly not over cautious Baldrick1! This is exactly what I proceeded to do but over the weekend was stuck in a rut of creating new accounts for them to be compromised not long after, the phone was blocking all factory resets and updates this was confirmed by diagnostic tests run by Samsung, that’s when my suspicions turned to the router also, after chatting to a lovely guy at Plusnet he did confirm the router was also blocking updates after doing some tests. I have absolutely no doubt it started in my email accounts but somehow it’s managed to spread beyond that to my entire network
markhawkin
Pro
Posts: 407
Thanks: 58
Fixes: 8
Registered: ‎17-07-2016

Re: What are the chances my Plusnet router has been hacked?

@BD894 

With the iPad, I would take it to an Apple store.

If they really can't factory reset it I would be most surprised.

I'm fairly sure they will fix it without it being a chargeable repair.

Once reset find some public WiFi (or visit someone you know) to set it up.

Create a new Apple ID (if only to test).

As for the laptop, find someone helpful and make a memory stick to clean install Windows.

https://support.microsoft.com/en-gb/help/15088/windows-10-create-installation-media

Otherwise get a computer shop to do it (and fit a solid state drive while they are at it if it doesn't have one), the SSD will be money well spent.

 

I am the satisfied customer....
Baldrick1
Seasoned Hero
Posts: 6,006
Thanks: 2,656
Fixes: 177
Registered: ‎30-06-2016

Re: What are the chances my Plusnet router has been hacked?

@BD894 

What a nightmare! Have you thought how you are going to get a clean system? If these nasties are affecting your router then you need a clean computer to connect to its replacement if you're not going to risk reinfecting it? You could end up going around in circles if you're not careful.