WiFi Hacker Devices

Status
Not open for further replies.

ZeeOSix

$100 site donor 2022
Joined
Jul 22, 2010
Messages
40,068
Location
PNW
Apparently there are devices people can buy so that they can search for broadcasting WiFi networks in the neighborhood and allows them to see the IP address, password, etc, and can log into someone's WiFi modem/router and change it's settings, etc.

Are these devices legal, and is it illegal for someone to use such a device?

If that's true, is there any settings in the modem/router than can be set to stop something like that?
 
Change your Admin password,
Hide your SSID,
Enable MAC address filtering,
And keep your firmware updated...
 
Last edited:
Not clear to me how they would see the IP address, password, etc. unless they logged in using a default set of credentials.

Assuming SSID is set, its not clear to me that they could even get to the router login screen to mess with other things... Though Id suspect that SSID could be hacked or intercepted.

Looking forward to learning on this thread.
 
I know that I see many of my neighbors wifi's when setting up devices. It would be interesting if password protocols weren't set or they were easily figured out. I won't waste my time but I suppose if someone was inclined they could cruise around and find some unguarded network to exploit.
 
An unsecured wireless router is begging to be hacked. Newer wireless routers won't enable internet connectivity unless a admin password is set and wifi password is set.

For someone to truly hack your router would mean physical access to the router or someone in your driveway hours trying to sniff network packets/bruteforcing access to your router.
 
Last edited:
Originally Posted by Kibitoshin
An unsecured wireless router is begging to be hacked. Newer wireless routers won't enable internet connectivity unless a admin password is set and wifi password is set.


On a secured WiFi modem with a password set by the user, is there any way for someone with a WiFi hacking device to see the password and get into a password protected modem to mess with the modem settings?

Originally Posted by Kibitoshin
For someone to truly hack your router would mean physical access to the router or someone in your driveway hours trying to sniff network packets/bruteforcing access to your router.


Let's say it's someone who lives in the neighborhood that can sit in their house and sniff all the networks his device can pick up.
 
From the National Security Agency, Systems and Network Attack Center (SNAC)

Recommended 802.11 Wireless Local Area Network Architecture

I332-008R-2005

You only need to read Part 1, and especially Part 2. Part 3 and beyond gets very technical...

http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Wifi/Recommended%20802_11%20Wireless.pdf
 
Your a solid 20 years late with your concerns

If it bothers you so much, it might be time to brush up on the basics of network security

https://www.edureka.co/blog/what-is-network-security/

https://en.wikipedia.org/wiki/Wireless_security

https://heimdalsecurity.com/blog/home-wireless-network-security/

There is no "hacker devices" per se, just repurposed network hardware, I don't really care if a Facebook post tells you otherwise

Just like a motor vehicle isn't a "murder weapon", It's just unfortunately used as one sometimes
 
Funny I read this today...
I got to work Monday and either my phone or my tablet would not connect to our WiFi at work. I didn't think much of it since the network is commonly down, it's very slow and limits content. I went to notify my boss I was taking lunch and saw him perusing his inbox. I asked if the WiFi password had been changed. He informed me over the weekend (when noone was supposed to be there) our WiFi was hacked from a Galaxy 5 from the parking lot so they cut wireless access for now. Apparently the hacker was attempting to access the cities network work through our department and whatever security software in place blocked it.
Our WiFi password is a random mix of numbers and letters in caps and lowercase. Not everyone gets the password and it would be mostly impossible to guess.
 
I have a friend that lives in a mixed neighborhood. As in they would steal a wheelchair. He named his router B.A.T.F. surveillance van.

Caused some fear.

I suppose DEA and Immigration would have been entertaining.

Rod
 
Originally Posted by mattwithcats
Change your Admin password,
Hide your SSID,
Enable MAC address filtering,
And keep your firmware updated...


The top one and the bottom one are the only ones on that list that really help, the middle two just give somebody a false sense of security.
 
Originally Posted by mattwithcats
From the National Security Agency, Systems and Network Attack Center (SNAC)

Recommended 802.11 Wireless Local Area Network Architecture

I332-008R-2005

You only need to read Part 1, and especially Part 2. Part 3 and beyond gets very technical...

http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Wifi/Recommended%20802_11%20Wireless.pdf


That's from 2005, FYI.
 
Originally Posted by ZeeOSix
Apparently there are devices people can buy so that they can search for broadcasting WiFi networks in the neighborhood and allows them to see the IP address, password, etc, and can log into someone's WiFi modem/router and change it's settings, etc.

Are these devices legal, and is it illegal for someone to use such a device?

If that's true, is there any settings in the modem/router than can be set to stop something like that?


It's called a laptop
lol.gif


Seriously though, what these "devices" would be are simply some piece of cheap kit, likely running Linux. No different than a laptop setup for the same purpose. They likely come pre-loaded with Airsnort and some exploit utilities; some script kiddie software.

War Driving was spectacularly easy back in the day, things didn't start to get difficult until WPA-TKIP came out, but even at that time there were TONS of wireless networks still using WEP, which was extremely easy to break into. Simplified version: You'd snag a capture, which would give you both SSID and a MAC for a client (in case it was hidden and filtering was on) and you'd just clone that MAC on your hardware and it was not difficult to crack WEP using some very fast, automated tools, allowing you to then participate on that network as an authenticated client.

TKIP made things much more difficult from an encryption perspective, and it was deemed a suitably "secure" interim replacement for WEP until vulnerabilities started to be discovered:
https://community.arubanetworks.com...dge-Base/TKIP-Vulnerabilities/ta-p/25384

On a network without key rotation, obviously the mitigation mechanism (short key rotation intervals) wasn't workable and that still didn't stop people from using the older brute force table method.

Of course even with TKIP, you were looking at a period of time to do this, requiring proximity. This meant they'd be an unlikely target for wardriving.

The best things you can do are:
1. Ensure that you are using WPA2-AES with no legacy support enabled
2. Ensure that you are using a complex network key
3. Ensure that you have the latest firmware on your device to minimize exposure to bugs/ exploits
4. Ensure that you've got a complex admin password on your device
5. Change your wireless power levels to only suitably cover the space you need it to

Some gear will give you to the option to log, and notify you of devices that are trying, and failing, to authenticate.

When WPA3 starts becoming more common, assuming all your devices support it, switching to that would also be advisable. But the above list still applies.
 
Originally Posted by ZeeOSix
Apparently there are devices people can buy so that they can search for broadcasting WiFi networks in the neighborhood and allows them to see the IP address, password, etc, and can log into someone's WiFi modem/router and change it's settings, etc.

Are these devices legal, and is it illegal for someone to use such a device?

If that's true, is there any settings in the modem/router than can be set to stop something like that?


Odds are that a home's network router, if compromised, won't be compromised by a person driving around a neighborhood snooping wireless credentials. Most that get compromised will be accessed from the internet side by an automated script that guesses the admin password based on the router maker's known default admin passwords or takes advantage of a firmware vulnerability to get in and take control.
 
Originally Posted by The_Nuke
Originally Posted by ZeeOSix
Apparently there are devices people can buy so that they can search for broadcasting WiFi networks in the neighborhood and allows them to see the IP address, password, etc, and can log into someone's WiFi modem/router and change it's settings, etc.

Are these devices legal, and is it illegal for someone to use such a device?

If that's true, is there any settings in the modem/router than can be set to stop something like that?


Odds are that a home's network router, if compromised, won't be compromised by a person driving around a neighborhood snooping wireless credentials. Most that get compromised will be accessed from the internet side by an automated script that guesses the admin password based on the router maker's known default admin passwords or takes advantage of a firmware vulnerability to get in and take control.


Yes, I believe the most common compromises happen either this way, or from the LAN side by an infected/compromised client. In fact the latter was experienced by a rash of users a couple of years ago where malware would get on a host which would then hit the router with the attack.
 
Originally Posted by ZeeOSix
Apparently there are devices people can buy so that they can search for broadcasting WiFi networks in the neighborhood and allows them to see the IP address, password, etc, and can log into someone's WiFi modem/router and change it's settings, etc.

Are these devices legal, and is it illegal for someone to use such a device?

If that's true, is there any settings in the modem/router than can be set to stop something like that?


That makes good TV but is highly impractical and unlikely.
 
Originally Posted by Alfred_B
Originally Posted by ZeeOSix
Apparently there are devices people can buy so that they can search for broadcasting WiFi networks in the neighborhood and allows them to see the IP address, password, etc, and can log into someone's WiFi modem/router and change it's settings, etc.

Are these devices legal, and is it illegal for someone to use such a device?

If that's true, is there any settings in the modem/router than can be set to stop something like that?


That makes good TV but is highly impractical and unlikely.


Someone in my neighborhood claims they have a device that can allow them to hack into people's secure modem/routers. Guess I need to talk to him and get more details. Maybe it allows them to get to the log-in page of someone's modem and then he has to run some kind of script to run through passwords - ?.
 
Originally Posted by Soggydog
Funny I read this today...
I got to work Monday and either my phone or my tablet would not connect to our WiFi at work. I didn't think much of it since the network is commonly down, it's very slow and limits content. I went to notify my boss I was taking lunch and saw him perusing his inbox. I asked if the WiFi password had been changed. He informed me over the weekend (when noone was supposed to be there) our WiFi was hacked from a Galaxy 5 from the parking lot so they cut wireless access for now. Apparently the hacker was attempting to access the cities network work through our department and whatever security software in place blocked it.
Our WiFi password is a random mix of numbers and letters in caps and lowercase. Not everyone gets the password and it would be mostly impossible to guess.


This is basically what it sounds like he claims to have the ability to do.
 
Originally Posted by ZeeOSix


...is it illegal for someone to use such a device.



You are asking a legal question here and it is an "Invasion of Privacy."

Suggest you run a search on:

Intrusion Upon Seclusion

False Light

Public Disclosure of Private Facts


And with that this thread is closed.
 
Last edited:
Status
Not open for further replies.
Back
Top