
I think my WiFi got hacked!

Doit2it

Android Expert
I happened to go into my router's setup this morning and I saw two additional Android devices listed other than my phone and tablet.

I was using WPA2 with a 26 character password of random numbers and letters. The letters were all caps, which would have been a slight degradation of the password's strength. I had WPS turned off, because I've read that's a vulnerability for cracking secured routers. Yes, I've had the password for a long time.

Now I have a random password more than double the length of the original. Numbers, letters (caps and non), and symbols. I also blocked the MAC addresses of the two Android devices I saw.

I tried turning off my SSID broadcast, but neither of my Android devices would connect even though I entered the password. My router help files state it should work, but it doesn't. Any ideas on that?

I know a longer SSID will make breaking more difficult for hackers. Mine is just 7 characters now (Doit2it). Vanity!
 
For your MAC address filtering, are you using a black list or white list? I white list so the addresses on that list can connect.
 
Yes, I black listed them. If I had white listed them, my devices wouldn't be working. I thought about white listing my 6 devices (4 wired, 2 wireless), then they couldn't use another device to access my router, even if they did crack it again. I probably will. Unfortunately, my router will not do both. I don't think.
 

Well you don't need to do both. A white list will reject all but what you have on the allowed list.
 
The issue might be your random password. There are ways to get a password if it's preset. I thought once someone hacked my router, but then I realized that I have a smart TV that I never use.
 
Change your password to something where numbers replace the letters.

Say your router password is America123. Replace A/a with 4, e with 3 and i with 1: 4m3r1c4123.

No need to change the SSID. It's basically just an address, and you're broadcasting it anyway.

If you're still having issues or concerns, switch to whitelisting MAC addresses as Codegerm was alluding to. Meaning that only the addresses in the list will be able to connect to the router and all others will be rejected. This is actually easier to do than blacklisting as you don't have to actively monitor what is connected to your router.
 
I'm not really sure that the SSID is factored in a really meaningful way when it comes to breaking WPA. I could be wrong, but I've never heard that.

Now, it looks like you are filtering MAC addresses, which isn't too bad of a move. Most often, this will stop an attacker. But what about a determined foe? They'll likely spoof their MAC address. I'd do it. So both whitelist and blacklist are not likely to be much help here. Whitelist would be better because they'd need to know one of your approved devices' MAC addresses instead of just using a random address.

Now, here's what I'd do. I'd watch em. Notice when they log in. See what times this is. Then, one night when they are not on, make some changes.

These changes can be anything. Something fun, or something a bit more harmful. I like both ideas myself. We'll start with something fun.

Now, remember, you are in full control here. They are using *your* connection. That means they implicitly trust you. Unless they're using some kind of VPN... but I'd bet not.

Okay, so they trust you. You don't like them fooling around with your stuff. I mean, they are stealing your internet (not something *I'd* ever do.... >.>) Well, set up a proxy. Route all traffic from the router to a computer. Have that computer forward everything to a proxy of some sort (squid is nice). Use some fun scripts to maybe... flip the web upside down. Or maybe redirect everything to kittenwars.com. :)

Some other things you can do... Look into this awesome program by the main man himself - MOXIE! :) It's called SSLStrip. It means that they can't bypass any of your internet fun by using https. It also means their encrypted traffic isn't. So, you could also find some really interesting info this way. ;)

:) Just look up the UpsideDownternet. It's easily one of the more entertaining articles I've read: pure nerdy goodness.
 
If someone successfully cracked your network, they have probably been running a WiFi sniffing program for a while.

You could change your WiFi settings, then connect all your devices, then discontinue broadcasting SSID. WiFi sniffing programs, last time I checked into them, cannot sniff SSIDless networks.
On the client side you will have to tick the "connect even if not broadcasting ssid" type options.
 
It's a bit of a myth actually. I suppose the only 'security' benefit of not having an SSID broadcast is that the SSID becomes 'obscure'. And security through obscurity isn't real security. ;)

Another example of this would be to run a web server on port 8080 instead of 80. Not really any more secure, just a bit ... different.

And cracking and sniffing are a bit different in this regard. The sniffer will just pick up frames passing through the air - both encrypted and not. The unencrypted traffic includes open networks, but also management frames created by 802.11. Some of those types of frames are used for client and station association. One type, a probe request, is made by the client to the station and it includes the SSID, even if it is not being broadcast by the station (beacon frames). So even if the SSID isn't being broadcast, the SSID is displayed in plaintext in a pcap. And most of the crackers I've played around with work with MAC addresses and channels.

But, as it turns out, not broadcasting your SSID is in violation of 802.11 standards (something that I just learned tonight). Which would explain why some devices in OP's example didn't work properly.

[I love it when threads start heading in an infosec direction :D ]
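
Added example, not part of the post above: a small parser for the 802.11 management frames that post describes, showing that a beacon with the SSID blanked still leaves the name readable in the client's probe request. The frames, MAC addresses and the SSID "ExampleNet" are constructed sample data, and the probe response is included as a generalization beyond the post.

```python
# Added example: constructed frames, no capture file or radio needed.
HDR_LEN = 24  # frame control, duration, addr1-3, sequence control
# management subtype -> (name, bytes of fixed fields before tagged elements)
SUBTYPES = {4: ("probe-request", 0), 5: ("probe-response", 12), 8: ("beacon", 12)}


def parse_mgmt(frame: bytes):
    """Return (kind, transmitter MAC, SSID) for a beacon/probe frame.

    SSID is None when the element is absent, empty, or all NUL bytes,
    which is how access points "hide" the name in beacons.
    """
    if len(frame) < HDR_LEN:
        raise ValueError("frame shorter than an 802.11 management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe frame")
    kind, fixed_len = SUBTYPES[subtype]
    sender = ":".join(f"{b:02x}" for b in frame[10:16])  # addr2 = transmitter
    pos, ssid = HDR_LEN + fixed_len, None
    while pos + 2 <= len(frame):  # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than misparse
        if tag == 0:  # SSID element
            if value.strip(b"\x00"):
                ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return kind, sender, ssid


def build(subtype, src, dst, bssid, ssid, fixed=b""):
    """Construct a minimal frame (sample data for this example only)."""
    header = bytes([subtype << 4, 0]) + bytes(2) + dst + src + bssid + bytes(2)
    # SSID element (tag 0) followed by a one-byte supported-rates element
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])


AP, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BCAST, NAME = b"\xff" * 6, b"ExampleNet"  # constructed addresses and SSID
FRAMES = [
    build(8, AP, BCAST, AP, bytes(len(NAME)), fixed=bytes(12)),  # hidden beacon
    build(4, CLIENT, BCAST, BCAST, NAME),                        # client probe
    build(5, AP, CLIENT, AP, NAME, fixed=bytes(12)),             # AP's reply
]

if __name__ == "__main__":
    for f in FRAMES:
        print(parse_mgmt(f))
```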
 
Yeesh, this is getting into the grey area of the law (the last part...). Just send them a message.
 