Infected Firmware
Firmware is software that is stored within a piece of hardware, e.g. a computer motherboard, video card, network card, modem router etc.
Antivirus software only searches for viruses that are stored in files on hard drives, solid state drives and removable media. A computer infected with a firmware virus will continue to be infected even if the hard drive is replaced and the operating system is completely reinstalled.
Infected Modem Router
The firmware in a modem could become infected by an external attack that exploits a flaw in the existing firmware.
There is potentially another risk in the UK that a modem router could be supplied by an ISP with malware already installed. The Investigatory Powers Act 2016 compels ISPs to co-operate with government mass surveillance. This could extend to including spyware in the firmware of the modem routers they supply.
I have seen no articles that suggest this is actually happening, so the threat may only be theoretical. However:
- The Investigatory Powers Act 2016 forbids the ISPs from revealing how they help with surveillance
- There is a DSMA-Notice stopping the UK media from publishing anything an ISP whistleblower might reveal
- The Tempora tapping of the fibre optic network was kept secret from testing in 2008 until revealed by Edward Snowden in 2013
so absence of evidence should not be taken as evidence of absence.
Regardless of the source, an infected modem router could:
- Attack all devices connected to the modem router (e.g. computers, tablets, mobile phones etc.) from within your firewall, to install keyloggers etc.
- Open up ports in the modem router's firewall while reporting them as closed
- Perform man-in-the-middle attacks by redirecting traffic to fake versions of websites
- Report selected internet activity
- Deny access to the internet
Countermeasures
You could try updating the firmware of components regularly, but this is not guaranteed to work because:
- Firmware updates may not exist or be very infrequent
- The malware may be sophisticated enough to infect the upgraded firmware as it is installed
- The malware may only report the firmware version as being installed without installing it
One option for defending against the risk of an infected modem router is to place an additional firewall between the devices that access the internet and the modem router. One example would be a wireless access point built using a Raspberry Pi, where you control the software that goes on it. Tutorial on building Pi access point
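
A minimal nftables ruleset for the additional firewall described above, added here as an illustration and not taken from the linked tutorial. It treats the modem router side as untrusted, so ports the router opens or connections it starts never reach your devices. The interface names are assumptions: eth0 is cabled to the modem router and wlan0 is the Pi's access point interface.

```nftables
#!/usr/sbin/nft -f
# Constructed example: Raspberry Pi placed between your devices and the modem router.
# Assumed interfaces: eth0 = modem router side (untrusted), wlan0 = your devices.

flush ruleset

define WAN = "eth0"
define LAN = "wlan0"

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Your own devices may use the Pi for DHCP, DNS and SSH administration.
        iifname $LAN udp dport { 53, 67 } accept
        iifname $LAN tcp dport { 22, 53 } accept

        # The Pi's own DHCP lease from the modem router.
        iifname $WAN udp sport 67 udp dport 68 accept

        # Anything else the modem router side starts is logged, then dropped by policy.
        iifname $WAN limit rate 5/minute log prefix "wan-in-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections your devices opened are allowed back in.
        ct state established,related accept

        # Only your devices may start connections, and only outwards.
        iifname $LAN oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Hide individual devices behind the Pi's single address.
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f` followed by the file name, and enable routing with the `net.ipv4.ip_forward=1` sysctl. The "wan-in-drop" log lines show connection attempts arriving from the modem router side.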