Hacker
Professional
- Messages
- 1,044
- Reaction score
- 806
- Points
- 113
What can you get by hacking a Wi-Fi router?
It is curious that most users understand the danger of hacking their computer, since an attacker can gain access to their personal data, photos, passwords. It is very important to understand that hacking a router is a precursor to hacking a computer. Once inside a router, a hacker can:
How to get to the router settings
In most cases, a web interface is used to manage routers, i.e. you can make all the settings directly from the browser. Your computer and your router are on the same local network (it doesn't matter if you use Wi-Fi or wire). To get "inside" your router, type 192.168.0.1 in the browser line
If this address does not work, then sometimes it can be 192.168.1.1
Sometimes it is necessary to change the port: 192.168.1.1:8080 or 192.168.0.1:8080
You will be greeted with a form to enter your username and password. They can be seen in the device passport, on the box, on the case. Or just search the Internet for the default credentials for your router.
Each model has its own peculiarities of interface design and grouping of settings, but usually there are always items "Wireless network", "Local network" and "Internet". The menu items and settings may have a slightly different name, but having understood the meaning of the setting, you can easily find it in your home.
Recommendations for protecting the router and Wi-Fi access point from hacking
Use a password to access your network
Do not leave your wireless network open ("Open"), select encryption (authentication method) WPA or WPA2.
Refuse to use the WEP algorithm
WEP is an outdated, largely obsolete Wi-Fi security algorithm. It can be hacked in minutes. Nevertheless, there are still WEP access points, so check yours and if it uses WEP for encryption, then switch to WPA or WPA2.
Disable WPS
WPS (Wi-Fi Protected Setup) provides an easy but not secure way to create a wireless network. Depending on the degree of vulnerability, WPS, and then Wi-Fi password, can be cracked in a day or even in a matter of minutes.
Set a strong password
Since, by its very nature, a Wi-Fi network is available to anyone within range of its operation, anyone can try to connect to it by trying different passwords (called online brute-force). Another technique is also popular, which is based not on connection attempts, but on capturing certain data that a legitimate user and an access point exchange at the time of connection and their subsequent hacking (offline brute-force). The use of the latter allows brute-force attacks at a rate of tens and hundreds of thousands of passwords per second. You can only defend against such an attack by setting a long and complex password.
The following rules will allow you to almost guaranteed to protect yourself from any brute-force attacks:
The screenshot above shows that routers often use generated passwords consisting of eight characters and including three character classes (uppercase and lowercase letters, numbers): L95atyz7, 6rQTeRBb, YssvPT4m, WJ5btEX3, dn8MVX7T. Cracking such passwords on a typical home computer will take 1-3 years of continuous brute force attack. BUT, having assembled a computer on several top-end video cards (by making something like a "farm" for mining), a complete search of such a password can be reduced to one or several months. In my opinion, such passwords cannot be considered reliable. As already mentioned, add a fourth character class (syntax characters) and increase the number of characters - this will guarantee you that your Wi-Fi network will not be hacked even with the use of very powerful equipment.
Check your 5 GHz network settings
Many users are unaware that their router operates in dual frequency bands: 2.4 GHz and 5 GHz. If you have secured one range but forgot the other, then the attacker can take advantage of this. Set a strong password for the 5 GHz network, disable WPS for it. If you are not using the 5 GHz band, then you can simply turn it off.
Set a strong password to enter the router admin panel
As already mentioned, your router is connected to local and global networks, where anyone can try to connect to it. To prevent an attacker from guessing your password, set a long password using different character classes.
Change admin name
Change the username from Admin / admin to something less predictable - this will further complicate the task of guessing the password.
Disable access to the control panel of the router from the Internet
In the overwhelming majority of cases, you only need to access the administration panel of the router from the local network. If you do not need access to the settings of the router from the external network (from the Internet), then disable it, this will prevent the attacker from trying to guess the login password. This setting may be referred to as Enable Web Access from WAN.
Update your router's firmware
Even with a strong password, an attacker can gain access to the router or receive this password in clear text if the router contains a vulnerability. New firmware from manufacturers should fix vulnerabilities and other bugs, improve stability and functionality, so regularly (every few months) check for new firmware and update them on your router.
Search for vulnerabilities in the router
Unfortunately, sometimes vulnerabilities are found after the manufacturer stops supporting the router. This can lead to a situation where hackers are aware of a vulnerability in your router, but there are no firmware updates.
You can check your router for vulnerabilities using the Router Scan by Stas'M program. It is a fairly easy to use GUI program.
If you are familiar with Linux, then you can use a similar program RouterSploit, which may contain exploits that are not in Router Scan.
If your router turns out to be vulnerable without the possibility of updating the firmware, then it is recommended to stop using it and replace it with a new one.
Disable unused network services
The more complex the device, the more potential points for a hacker's efforts. Many of the online services and additional functions are not used by most users, and some of them also contain known vulnerabilities. Therefore, disable SSH, FTP, Telnet, Internet file sharing (like AiDisk), file / media server (like UPnP), SMB (Samba), TFTP, IPv6, and others that you don't need.
Enable HTTPS for Administrative Connections
It is disabled by default on most routers. This setting will allow you to prevent the interception of your password from the router's admin panel if you connect to it from the Internet, or during man-in-the-middle attacks, if an attacker has already entered your local network.
Exit (log out) when you finish working in the router
Simply closing the page can leave the authorization session on the router open.
Turn on logging
It's a good habit to check your logs for suspicious activity from time to time. Adjust clock and timezone correctly to make the logs more accurate.
Check logs, control connected devices
This already refers to detecting a hacked router - this issue will be discussed in more detail below.
Set up the "Guest" network
Many modern routers can create separate guest networks.
Make sure it can only access the Internet and not the local network. Naturally, use WPA2 and of course the password must be different, not the same as your main Wi-Fi.
Additional steps to secure your router
If the previous one is not enough for you, then here are some more tips for you.
Change the range of IP addresses set by default for your local network
All user routers that I have seen have the same local address range. This is 192.168.1.x or 192.168.0.x. This facilitates automated script attacks.
Available ranges:
Change the default local address of the router
If someone breaks into your network, they know for sure that the address of your router is xxx1 or xxx254, we will make it difficult for them to do it.
Limit administrative access over the wireless network
This is not for everyone. For example, it may be that absolutely all computers are connected only via a wireless network. But if it can be done, then it will greatly complicate the task of the attacker.
Using MAC filter
This is not an effective method of protection, since an attacker can easily find out the bypassed MAC addresses and forge them. You don't need to rely on this protection.
Hiding the network
Ineffective from a safety point of view. It does not compromise security, but does not increase it either, since an attacker can easily find out the name of the network.
Signs of a hacked Wi-Fi router
Changing router settings without your knowledge
If illegal users have changed any settings, and especially changed the password for entering the administration panel, DNS settings, VPN, then this is a sign that a hacker has gained access to your router.
Control devices connected to your local network
For this, programs such as NetworkConnectLog and Wireless Network Watcher can be used.
An unauthorized connection means your network has been compromised.
View the router log
If your router supports logging that records the device administrator's login, then check it regularly for suspicious activity.
Identifying man-in-the-middle attacks and strange network disruptions
Advanced users, in addition to discovering new devices on the network, can also take action to identify attacks that have begun against them.
Strange network disruptions can also indicate changes in the settings of network equipment and interception / modification of traffic by an attacker.
It is curious that most users understand the danger of hacking their computer, since an attacker can gain access to their personal data, photos, passwords. It is very important to understand that hacking a router is a precursor to hacking a computer. Once inside a router, a hacker can:
- perform a man-in-the-middle attack, which aims to intercept passwords and other data that you transmit over the network;
- perform a man-in-the-middle attack aimed at infecting the user's computer with a backdoor or trojan;
- carry out phishing attacks aimed at obtaining logins and passwords from sites, luring money, infecting a computer with a backdoor or trojan;
- monitor the network activity of users;
- block the Internet connection completely or to individual sites;
- use your Internet connection for criminal activities (law enforcement will see your IP as a cybercriminal's address);
- access webcams and other peripherals connected to your router
- make changes to the router's firmware.
How to get to the router settings
In most cases, a web interface is used to manage routers, i.e. you can make all the settings directly from the browser. Your computer and your router are on the same local network (it doesn't matter if you use Wi-Fi or wire). To get "inside" your router, type 192.168.0.1 in the browser line
If this address does not work, then sometimes it can be 192.168.1.1
Sometimes it is necessary to change the port: 192.168.1.1:8080 or 192.168.0.1:8080
You will be greeted with a form to enter your username and password. They can be seen in the device passport, on the box, on the case. Or just search the Internet for the default credentials for your router.
Each model has its own peculiarities of interface design and grouping of settings, but usually there are always items "Wireless network", "Local network" and "Internet". The menu items and settings may have a slightly different name, but having understood the meaning of the setting, you can easily find it in your home.
Recommendations for protecting the router and Wi-Fi access point from hacking
Use a password to access your network
Do not leave your wireless network open ("Open"), select encryption (authentication method) WPA or WPA2.
Refuse to use the WEP algorithm
WEP is an outdated, largely obsolete Wi-Fi security algorithm. It can be hacked in minutes. Nevertheless, there are still WEP access points, so check yours and if it uses WEP for encryption, then switch to WPA or WPA2.
Disable WPS
WPS (Wi-Fi Protected Setup) provides an easy but not secure way to create a wireless network. Depending on the degree of vulnerability, WPS, and then Wi-Fi password, can be cracked in a day or even in a matter of minutes.
Set a strong password
Since, by its very nature, a Wi-Fi network is available to anyone within range of its operation, anyone can try to connect to it by trying different passwords (called online brute-force). Another technique is also popular, which is based not on connection attempts, but on capturing certain data that a legitimate user and an access point exchange at the time of connection and their subsequent hacking (offline brute-force). The use of the latter allows brute-force attacks at a rate of tens and hundreds of thousands of passwords per second. You can only defend against such an attack by setting a long and complex password.
The following rules will allow you to almost guaranteed to protect yourself from any brute-force attacks:
- use a long password. Wi-Fi password cannot be less than eight characters. Whenever possible, try to use passwords of 10 or more characters;
- the password should not be a meaningful phrase, consist of several combined meaningful words, since this version of the password can be cracked using a dictionary;
- use four classes of characters in your password: numbers, upper and lower case letters, punctuation marks;
- from time to time, for example, every few months, change your password to a new one.
The screenshot above shows that routers often use generated passwords consisting of eight characters and including three character classes (uppercase and lowercase letters, numbers): L95atyz7, 6rQTeRBb, YssvPT4m, WJ5btEX3, dn8MVX7T. Cracking such passwords on a typical home computer will take 1-3 years of continuous brute force attack. BUT, having assembled a computer on several top-end video cards (by making something like a "farm" for mining), a complete search of such a password can be reduced to one or several months. In my opinion, such passwords cannot be considered reliable. As already mentioned, add a fourth character class (syntax characters) and increase the number of characters - this will guarantee you that your Wi-Fi network will not be hacked even with the use of very powerful equipment.
Check your 5 GHz network settings
Many users are unaware that their router operates in dual frequency bands: 2.4 GHz and 5 GHz. If you have secured one range but forgot the other, then the attacker can take advantage of this. Set a strong password for the 5 GHz network, disable WPS for it. If you are not using the 5 GHz band, then you can simply turn it off.
Set a strong password to enter the router admin panel
As already mentioned, your router is connected to local and global networks, where anyone can try to connect to it. To prevent an attacker from guessing your password, set a long password using different character classes.
Change admin name
Change the username from Admin / admin to something less predictable - this will further complicate the task of guessing the password.
Disable access to the control panel of the router from the Internet
In the overwhelming majority of cases, you only need to access the administration panel of the router from the local network. If you do not need access to the settings of the router from the external network (from the Internet), then disable it, this will prevent the attacker from trying to guess the login password. This setting may be referred to as Enable Web Access from WAN.
Update your router's firmware
Even with a strong password, an attacker can gain access to the router or receive this password in clear text if the router contains a vulnerability. New firmware from manufacturers should fix vulnerabilities and other bugs, improve stability and functionality, so regularly (every few months) check for new firmware and update them on your router.
Search for vulnerabilities in the router
Unfortunately, sometimes vulnerabilities are found after the manufacturer stops supporting the router. This can lead to a situation where hackers are aware of a vulnerability in your router, but there are no firmware updates.
You can check your router for vulnerabilities using the Router Scan by Stas'M program. It is a fairly easy to use GUI program.
If you are familiar with Linux, then you can use a similar program RouterSploit, which may contain exploits that are not in Router Scan.
If your router turns out to be vulnerable without the possibility of updating the firmware, then it is recommended to stop using it and replace it with a new one.
Disable unused network services
The more complex the device, the more potential points for a hacker's efforts. Many of the online services and additional functions are not used by most users, and some of them also contain known vulnerabilities. Therefore, disable SSH, FTP, Telnet, Internet file sharing (like AiDisk), file / media server (like UPnP), SMB (Samba), TFTP, IPv6, and others that you don't need.
Enable HTTPS for Administrative Connections
It is disabled by default on most routers. This setting will allow you to prevent the interception of your password from the router's admin panel if you connect to it from the Internet, or during man-in-the-middle attacks, if an attacker has already entered your local network.
Exit (log out) when you finish working in the router
Simply closing the page can leave the authorization session on the router open.
Turn on logging
It's a good habit to check your logs for suspicious activity from time to time. Adjust clock and timezone correctly to make the logs more accurate.
Check logs, control connected devices
This already refers to detecting a hacked router - this issue will be discussed in more detail below.
Set up the "Guest" network
Many modern routers can create separate guest networks.
Make sure it can only access the Internet and not the local network. Naturally, use WPA2 and of course the password must be different, not the same as your main Wi-Fi.
Additional steps to secure your router
If the previous one is not enough for you, then here are some more tips for you.
Change the range of IP addresses set by default for your local network
All user routers that I have seen have the same local address range. This is 192.168.1.x or 192.168.0.x. This facilitates automated script attacks.
Available ranges:
- Any 10.xxx
- Any 192.168.xx
- 172.16.xx to 172.31.xx
Change the default local address of the router
If someone breaks into your network, they know for sure that the address of your router is xxx1 or xxx254, we will make it difficult for them to do it.
Limit administrative access over the wireless network
This is not for everyone. For example, it may be that absolutely all computers are connected only via a wireless network. But if it can be done, then it will greatly complicate the task of the attacker.
Using MAC filter
This is not an effective method of protection, since an attacker can easily find out the bypassed MAC addresses and forge them. You don't need to rely on this protection.
Hiding the network
Ineffective from a safety point of view. It does not compromise security, but does not increase it either, since an attacker can easily find out the name of the network.
Signs of a hacked Wi-Fi router
Changing router settings without your knowledge
If illegal users have changed any settings, and especially changed the password for entering the administration panel, DNS settings, VPN, then this is a sign that a hacker has gained access to your router.
Control devices connected to your local network
For this, programs such as NetworkConnectLog and Wireless Network Watcher can be used.
An unauthorized connection means your network has been compromised.
View the router log
If your router supports logging that records the device administrator's login, then check it regularly for suspicious activity.
Identifying man-in-the-middle attacks and strange network disruptions
Advanced users, in addition to discovering new devices on the network, can also take action to identify attacks that have begun against them.
Strange network disruptions can also indicate changes in the settings of network equipment and interception / modification of traffic by an attacker.
