
Hacker has remote control over my devices


whippoorwill

Occasional Visitor
Hi Guys,

I have a RT-AX88U which is my main router connected to the modem-cum-router provided by my ISP. The modem-cum-router is used only as a modem, as I have disabled its router mode. Now the AX88U in my room is connected by a CAT-6 cable to an RT-AC88U downstairs in my sister's room, as an AiMesh node with ethernet backhaul.

My problem is that my Windows laptop and iOS devices have been hacked even though AiProtection is showing no problems and I have disabled Remote Connection on the router system. I clean formatted my laptop after deleting all partitions several times, but every time my files are deleted or strewn across here and there. I have been really surprised by all of this and this has been going on for a year now.

Is there any setting which I am not aware of? Could one of the routers have been damaged or just malfunctioned? The AX88U is covered under warranty, and as an expensive router it will be an uphill task to prove to the service centre that it has malfunctioned and to get it replaced.

Could Merlin firmware help in this case? Please help me. Thanks.
 
It's more likely one of the devices on your network could be causing this. Is everyone in your household infection aware? Even the BIOS on your laptop could be infected, but I'm sure you keep that updated(?).
 
Please help me
Finding malware is not an easy task. Many malware can hop to other connected devices on your LAN, which are the symptoms you outlined in your OP.

You must create a methodical plan to isolate your devices from each other. Then allow one device at a time to gain access to your notebook, each time testing to see if the "hack" returns.

If your notebook is using WiFi to connect to your router, activate WiFi Isolation. Then rebuild your notebook. Test. If everything is stable, you know the malware is not on your notebook or router. If problems return, then one of your routers may be infected. You should note that Asus routers have been an attack vector in the past. That is why it is absolutely essential to update firmware when new versions become available. If you have not been diligent with firmware updates, I do recommend performing a "method 2" reset on each. Then re-config manually (not from saved settings).

Then, take every other device and put them on either 2.4 or 5 GHz. Whichever you choose, make your notebook the other band. Test again.

With your notebook on one WiFi band and all other devices on another band, remove isolation on your notebook connected band. Test.

Now, add one other device to your notebook band. Test. Continue adding other devices to your notebook WiFi band, test after each addition.

Your network may not permit the exact instructions above, but the principle of device isolation is what you need to do to figure out which device is infected (if there really is malware in your LAN).
 
@vaboro Web access from WAN is disabled. AiCloud is disabled.

@Ripshod My BIOS on Windows laptop is updated. I hope it's not infected. I had shelved my laptop for several months, and even then I saw attacks on my other devices: my iPhone, iPad and perhaps Mac mini.

@PunchCardBoss Firmwares are up-to-date. I lack the expertise to perform what you said fully. But I will do a Method 2 reset on both the routers, as you said, tomorrow when my sister is traveling to Lonavala so that she won't be affected by the extended internet outage that causes. She just uses an iPhone and an iPad. I had reset my own iPhone, iPad, both routers, Windows laptop (which I have again shelved) multiple times but did not succeed in stopping the hacking attacks. Apple support advised me to do a reset of my I-devices using a restore/recovery method by connecting them to my computers, instead of just using the "Erase all content and settings" settings on them, but for that to happen, I should make sure that my computers themselves are clean. I will be installing Merlin on the routers. I hadn't thought about malware in the routers. That would be a nightmare scenario, if true, just like malware on BIOS.

Do you think there is a chance one or both of the routers have been damaged, like some circuitry which may be fried?

Also any advice/ pointers on installing Merlin?

Thanks!
 
Web access from WAN is disabled. AiCloud is disabled.
Then it is highly unlikely that a cracker obtained control of your devices via the router. Nevertheless, I would check the external ports with nmap. This should be performed from the Internet, e.g. using a mobile phone's cellular network or a friend's computer with a different ISP.
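
One way to read the result of the external scan suggested in the post above (an added example, not part of the original thread). It assumes the scan was run from outside your network against your own WAN address with `nmap -Pn -p- -oG scan.txt <your WAN IP>`; the sample output, the 203.0.113.10 address and the `MGMT_PORTS` list are constructed for illustration.

```python
# Assumed list of TCP ports that commonly carry router management or
# remote-access services; adjust it to what your own router offers.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP admin", 443: "HTTPS admin",
              7547: "TR-069/CWMP", 8080: "HTTP alt", 8443: "HTTPS alt"}

def parse_grepable(text):
    """Return {host: [(port, proto, state, service), ...]} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # skip "# Nmap ..." comment lines
        fields = line.split("\t")         # -oG separates fields with tabs
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # entry layout: port/state/proto/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue
                hosts.setdefault(host, []).append(
                    (int(parts[0]), parts[2], parts[1], parts[4]))
    return hosts

def wan_findings(text):
    """List ports reachable from the Internet, labelling likely management ones."""
    findings = []
    for host, ports in parse_grepable(text).items():
        for port, proto, state, service in ports:
            if state.startswith("open"):  # "open" and "open|filtered"
                label = MGMT_PORTS.get(port) if proto == "tcp" else None
                findings.append((host, port, proto, service, label))
    return sorted(findings, key=lambda f: f[:3])

# Constructed sample of grepable output (not taken from the thread).
SAMPLE = (
    "# Nmap scan initiated as: nmap -Pn -p- -oG - 203.0.113.10\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/filtered/tcp//ssh///, "
    "80/closed/tcp//http///, 8443/open/tcp//https-alt///, "
    "5000/open/tcp//upnp///\tIgnored State: filtered (65531)\n"
    "# Nmap done\n"
)

if __name__ == "__main__":
    for host, port, proto, service, label in wan_findings(SAMPLE):
        note = f"possible {label}" if label else "unexpected service, identify it"
        print(f"{host} {port}/{proto} {service or '?'}: {note}")
```

An empty result means nothing answered from the Internet side, which is what a router with WAN web access and AiCloud disabled should show.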
 
My problem is that my Windows laptop and iOS devices have been hacked even though AiProtection is showing no problems and I have disabled Remote Connection on the router system.

Please describe how you are able to ascertain that your devices, esp. the iOS devices, have been hacked...

FWIW - we've seen similar threads before, so there is some doubt here regarding your particular situation.
 
Do you think there is a chance one or both of the routers have been damaged, like some circuitry which may be fried?
Doubtful.

In the past, Asus routers have been targeted by hackers. As I recall, these attacks targeted weaknesses in the core code. In fact, Asus seems to be updating many of its routers with what I suspect is sloppy coding, which may have security vulnerabilities. But this is only my guess.

Nonetheless, (again - as I recall) a method 2 router reset was the recommended fix for these past hacks. Do NOT restore a saved setup file. Rather configure your router manually.

Others smarter and with more experience than myself may add more on this subject.

I'm not a Merlin user so can't give any suggestions or tips about setup other than to suggest performing a Method 2 reset after installation. Then for safety's sake, reload the Merlin FW again.
 
