Internet Wi-Fi Security

This was inspired by an offshoot of another topic. The issue is how can someone use another person's wifi connection without the proper credentials.

I am not an expert by any means. I have never seen any unauthorized device logged into my routers when I looked at the router page as the admin. I see all my devices. I changed my SSID from what the phone company gave it. It is not broadcast. My password is complex and random.

So, how could someone log in to use my WiFi and see what I do?

What other steps would I need to implement prevention?

If someone gains access how is it that a password change doesn’t keep them out?

I intend to research this as I was under the impression I was safe. I seem to be, but I want to know more.

I am aware that it is possible to sometimes defeat various security “things” if one tries hard enough. But making things more difficult for intruders should make most attackers look elsewhere for easier prey.

Anyhow, I am off and away for a few hours of repairing barbed wire fencing.

It’s pretty easy, but longer password, more time to decrypt.

They can’t.¹

Only with access to the WiFi access point or to a device that has the credentials stored.¹

Just ignore the stuff in the other thread. It makes no sense.

Qualification for what I wrote: M.Sc. in computer science and many years of experience.

¹ In 99.9% of all cases. There are some theoretical and some practical attack vectors, but it’s extremely unlikely that you are affected.

I used to use BackTrack Linux (now Kali Linux) to do stuff like this when I was learning Linux and computer stuff in general. Just to see if I could, not to actually cause any harm. Often I’d just set up a spare router of my own and try to get into it.

WEP was easy to crack, but it’s not used anymore. WPA and WPA2 are harder but the weakness was WPS (That little button you’d press then press the same one on your device to connect without typing the password). There is an application on Linux named Reaver that could obtain the WPS pin. Then obtain the password using that pin.

I haven’t messed with any of that stuff in a while, but I believe most routers fixed the WPS issue so it’s not as easy anymore.

Aside from the WPS thing, WPA2 on modern routers requires capturing a handshake then running a dictionary attack, so it’s time consuming and if the password isn’t in the dictionary/wordlist you are using it won’t find it.

My knowledge is probably outdated and limited though. I’m sure there are folks around here that know this stuff for real.

Seems like years ago I had a wifi router that had a default account manager with userid= admin and password= password or admin.

So if the default setting had not been changed then it would be easy to take over.

Mediacomm has changed their routers now such that it is managed thru some website app and the owner can’t directly access the router management acct (supposedly), but it can be done if it is in your possession.

I agree with jason the guitarman and sammy’s hairy pig.

K, moved this over here for the juicy stuff! :laughing:

Things like Reaver, etc., let you crack passwords in hours.

There are 2 major types of wifi. One is easy to crack. The other is easier to crack.

You want secure networks, you need to turn on “enterprise” options like 2FA and other terribly inconvenient things.

You can try to limit access to the wifi by MAC address, etc., but not many people want to bother to learn how to do that.

And lots of routers have selectable power settings. If you can get by with low power (ie, not broadcasting to half the neighborhood), it’s worth it to crank it down a peg. But some people insist on having it cranked all the way up so they can pick up wifi out in their backyard or whatever.

And here’s a shocker… go wired! If you can do without phones, tablets, etc., getting in, plug a cable into your desktop/laptop, and turn off wifi. ONLY turn it on when you need to poke around on the tablet, phone, etc. Another benefit is that you don’t have all those rays shining on you 24/7.

“Convenient” and “secure” are almost always mutually exclusive.

Yeh, same with wifi cameras and other doodads. You can find whole lists of default id/pw pairs for practically any device out there, and they’re being actively maintained.

I believe Reaver works on the WPS key. Turn WPS off and that will not work.

My assumption is that anyone who has some/any concerns about being secure should do their research and have all the basic things like changing passwords to something long and using all sorts of non-dictionary letter/numeral/symbol combinations and shutting down the WPS. I have never used WPS. But then many people are lazy so I know that out there in the wild things can be hairy.

Yes, ethernet is good and fortunately, our home is wired as well as wireless, as we choose. But mostly we use WiFi with a PW manager and a plethora of unique obscure PW.

If this was still true, the world would not exist as we know it. :wink: With WEP and WPA this was true, but they are not used anymore. WPA2/WPA3 are not so easy to crack anymore. In fact it is highly unlikely in most cases.

“Enterprise” in terms of WiFi means something different (EAP instead of PSK).

Objection! You can have convenient security. Get a secure storage / token device like a YubiKey for example. You can use it via USB on your PC or NFC on your phone. This already makes it very secure.

If you don’t want to use a physical device, at least use a password manager with a unique, long, randomly generated password for each service. Enable 2FA if available. You can use your phone or the password manager to generate the TOTP token.

In addition to secure authentication make sure that your system is up to date and that you are careful what you are doing. Almost all attacks involve a human part: yourself. Either via social engineering, simple phishing or careless execution of a downloaded file.

I think my home router uses a weaker encryption. It’s probably WPA (not WPA2). If I recall correctly this is because some of my older devices do not support the newer encryption standard.

I’m not too worried though. I live in an apartment building and any intruder is likely just looking for free wifi. I’d also notice and kick them off since they’d probably cause issues with my speed or throughput.

I believe it is true that all the Wi-Fi encryption types are technically breakable, but some of them like WPA2 are not practical for most people to get past.

Edit: I did not realize there is now a WPA3 standard. I should probably reevaluate my home network settings and potentially upgrade my router.

I believe newer routers are backwards compatible with WPA, WPA2 & WPA3. At least when I bought new routers a year ago the WPA3 enabled routers I bought work fine with all the old stuff.

For an old device to connect to the router though, the router would have to have at least one channel using an older protocol though right? And wouldn’t that defeat the point of having a newer router with the new encryption standard?

TBH, the devices I have which are too old for the new standards are non-essential. I might have to just live with them not having wireless access.

Based on what's been offered up on this thread thus far, as well as at the end of the previous discussion by our resident I.T. security consultants/experts in response to member "Venom's" perceived problems, I'm fairly confident that I can keep up and maybe even offer a different perspective based on my own personal experience regarding the "topic of hacking". However, since I am not an expert by any stretch, I will plan to keep my comments more toward the psychological aspect of the I.T. security discussion.

As far as "Venom's" story goes, while it's technically possible for anyone to be hacked, which is precisely why Internet Security is such a huge business, his story is otherwise rather outlandish, with inconsistencies, and full of improbabilities. Out of respect for someone I've never met in person, I wouldn't mind being proven wrong. However, based on everything Venom provided through several posts in the previous thread, I am left believing that he is delusional, and seriously paranoid. For instance, and momentarily disregarding the challenge with pulling off such a technically difficult feat, the idea that a lawyer would jeopardize their license & career to hack into anyone's WiFi network, then computer, then their online accounts, before then charging an Amazon purchase to his credit card account is just not a reasonable consideration. Venom also said, "As far as warrants goes to get access to someone internet. It’s easy here. Lawyer get away with a lot. A judge told me this. In his mind, lawyers get away with a little to much." Seriously! Where to begin!

There are so many questions that I would like to know the answers to, including how Venom could possibly know what someone else is seeing him type into his computer? Think about the possibilities that raises...about Venom.

Within the context of everything else he provided, saying something like, "This neighborhood will drive you nuts" is quite telling. Maybe it's not so much the neighborhood that's driving him nuts!

This type of internet technology-based paranoia is rampant, particularly for those who have read a bit about this topic, but have virtually zero education or practical experience in the field. One's mind can quickly go off the rails with misinformation that's represented as fact. That is why this thread should be carefully monitored by verifiable experts, so as to not end up feeding into such delusions & paranoia! So please be careful with what you write and be able to provide verifiable proof of fact... OK!

Good question. Not sure of the answer though.

I believe the idea for backward compatibility is to make it possible to upgrade technologies, but not have to purchase all new hardware all at the same time. But it is best to follow through and replace older tech.

So to me, your question raises the new question of whether or not a WPA2 router faces risks via the less secure WPA function when the network does NOT have any WPA devices connected.

Similar is the question as to what happens if the router is WPA3 capable and there ARE WPA2 devices connected…. is the entire system only as good as WPA2?

It has occurred to me that this question of security is similar (but different) to the one made about automobiles. Can I, should I, drive one of my older, lovable, performance-modded Volvos (123 GT or the P220) that have 1968 levels of safety features and are fun/cool to drive or should I drive the newer Honda which performs “okay” and has myriad safety features and a greater crashworthiness rating, but is indistinguishable from every other car on the road?

LB
Let there be wires… I like wires.
Then they just hack the router…

If you can see the WEB, The WEB can see you…

All the best,
Jeff

That’s the primary reason why new standards, etc., aren’t always The Answer.

Not everyone throws out old routers and buys new ones, as long as the old ones still work fine.

A fiend of mine has an old router that only supports 2.4GHz and not even 5GHz, because his old tablets (several, mainly used for artwork, etc.) don’t support 5GHz.

You generally make buy new or keep decisions for the Weak Link, whether it’s the devices you’ll be using on the wifi, or the max connection speed, etc.

Ie, unless you’re upgrading your connection to however many gigamegs per second and your router won’t be able to make use of that speed, you’re likely to just keep the old router. Unless it breaks, you’ll likely be keeping it. Unless new devices need a newer router’s features, or don’t support some older protocol, whatever, you’ll…

Ah, the fiend I just mentioned has issues with that. His old tablets need drawing programs and whatnot, that are no longer supported anymore, so to upgrade his tablets, he’d have to do without his old standby programs, or worse, have to rebuy a whole bunch of new apps, utils, etc., to get the same functionality as he already has with his old stuff.

So for him to keep his old tablets until each one goes permanently teats up, he’s in no itchin’ hurry to get new anything that won’t connect to those devices anymore.

When a person decides to use wifi, their private network is not so private anymore.

True. It’s a shame I can’t use more Ethernet in my apartment. There’s just nowhere to go with it that wouldn’t be an eyesore, violate my lease, or both. Unless you count running wires across the floor. I don’t think that would be worth it lol

Yeh, that’s them happy little fellas in Choina or Russia, not the angst-ridden sCrIPt k1DD13 next door.