Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread
Standard User eckiedoo
(fountain of knowledge) Fri 02-Mar-18 11:43:19
Print Post

Proven Wi-Fi Hacking


[link to this post]
 
Arising from a course I am participating in, I wonder how many cases of PROVEN Wi-Fi Hacking are known directly to TBB Forum members?

As opposed to Suspected etc.
Standard User gomezz
(eat-sleep-adslguide) Fri 02-Mar-18 13:21:44
Print Post

Re: Proven Wi-Fi Hacking


[re: eckiedoo] [link to this post]
 
Hacking or cracking?

I hacked my old Netgear route by installing a third party firmware.

BT Infinity 1 (unlimited)
Standard User eckiedoo
(fountain of knowledge) Fri 02-Mar-18 14:26:30
Print Post

Re: Proven Wi-Fi Hacking


[re: gomezz] [link to this post]
 
Thanks for raising the point.

One of the other course members is worried about persons gaining access to his WiFi signals by logging in from outside his house, ie managing to gain access by somehow discovering the conventional Password etc,

That is - NOT by actually accessing/changing the Router Software or anything akin to that,


Register (or login) on our website and you will not see this ad.

Standard User philjohn
(newbie) Fri 02-Mar-18 15:14:50
Print Post

Re: Proven Wi-Fi Hacking


[re: eckiedoo] [link to this post]
 
There was an ISP handing out modems that had the wireless key calculated from the MAC code, which were trivial to get into.

But as long as you don't have an open wifi network, and are using WPA2 it's highly unlikely, I've certainly never heard of it happening.
Standard User eckiedoo
(fountain of knowledge) Fri 02-Mar-18 17:15:56
Print Post

Re: Proven Wi-Fi Hacking


[re: philjohn] [link to this post]
 
Interesting about the MAC Code.

Like yourself, I have not directly encountered such hacking; but I hear it mentioned often enough that in conjunction with that course participant's concern, made me wonder about the "hard facts".
Standard User ukhardy07
(knowledge is power) Fri 02-Mar-18 18:07:13
Print Post

Re: Proven Wi-Fi Hacking


[re: eckiedoo] [link to this post]
 
Absolutely possible with the technical knowhow and determination. We do it out at some of our client sites.

At home, often the WPS is vulnerable, so you can compromise with no brute-force.
A certain ISP supplied kit where the WPS keys are mapped to the MAC, hence it takes <10 seconds to get in.
https://groups.google.com/forum/#!topic/uk.telecom.b...

Newer devices supplied by ISPs, you have to brute force the WPA2 key, however given every Sky Router, HomeHub etc has the same password length, that greatly reduces your possibilities. IE if you know every BTHub6 is a 10 digit password, you only try out 10 digit passwords.

The attack works by kicking a user off the access point, which can be done without knowledge of the WPA2 password. When it authenticates back in you capture the WPA2 handshake. This is now cracked offline, so the attack is somewhat undetected apart from a split second where 1 device is kicked off the AP for a few seconds, everything else is done offline.

We have a success rate of approx 50% out at client sites, largely since their choice of password is nothing too complex. Fortunately, this often gets us into Guest networks, whereas the corporate network operates WPA-2 Enterprise, a whole different beast.

Where the WPS is really flawed, you can see the PW is obtained in a couple of minutes:
https://www.youtube.com/watch?v=K6rhsoIaFhE

More complex, WPA2 compromise:
https://www.youtube.com/watch?v=kpI3fQjf43E

You generally would not use a dictionary in Kali as per the video, but some sort of cracking machine or even better there is a whole bunch of online tools designed for this type of cracking, some are more custom than others, and these have a lot of power to try combinations way faster. One site, you pay 5 euros and usually within 7 days it either has it, or not.

This topic is purely for your own educational purposes, not to check out on an unauthorised device.

Hard Fact wise: 100% possible, reality check: Rarely carried out given the low price of home internet alongside limited WiFi Range. A password is enough to put off 99%+ of people. Also, those with the ability to do it are usually techy and not to stereotype but they would rather have management of their technology, ability to pick their speed package, have a few wired devices (NAS etc).

Edited by ukhardy07 (Fri 02-Mar-18 18:28:31)

Standard User ggremlin
(experienced) Fri 02-Mar-18 19:14:04
Print Post

Re: Proven Wi-Fi Hacking


[re: ukhardy07] [link to this post]
 
just to add to ukhardy's excellent answer,
devices within your network (cctv cams for example) are often more vulnerable, - and the 'attacker' doesn't need to be nearby.

although it doesn't add to security, I try to have a 'legitimate' route to the internet - ie btwifi/fon, so people don't need to break into the network for their internet fix.
and yes I change default router name/password & wps requiring a button press etc

edit: though any 'sensitive' network I setup has NO wifi to it

Edited by ggremlin (Fri 02-Mar-18 19:41:03)

Standard User nemeth782
(committed) Fri 02-Mar-18 19:32:39
Print Post

Re: Proven Wi-Fi Hacking


[re: eckiedoo] [link to this post]
 
On moving house once, a number of years ago, I cracked a neighbour's wifi (via WPS) because I had no internet for like a month waiting for BT to install...
Standard User eckiedoo
(fountain of knowledge) Fri 02-Mar-18 19:39:58
Print Post

Re: Proven Wi-Fi Hacking


[re: ukhardy07] [link to this post]
 
Thanks very much for your explanation - and also that it would appear to occur very rarely with the typical domestic Wi-Fi circuits.

Interesting that so far, no one has responded with knowing a proven occurrence involving a typical domestic installation, aside from Nemeth's admission - early days though.
Standard User eckiedoo
(fountain of knowledge) Tue 06-Mar-18 11:43:53
Print Post

Re: Proven Wi-Fi Hacking


[re: eckiedoo] [link to this post]
 
Given the present lack of response, let's open the criteria a bit, by asking -

Anyone encountered situations that strongly suggests that there is any significant amounts of hacking of Domestic WiFi networks?
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread

Jump to