Hacking through WIFI: what is possible?

Creag

Salutations.

I was posed an interesting scenario by someone quite paranoid. Got me thinking though.

Whilst I am quite sure that WIFI can be hacked and the hacker can access and use the network, I was wondering what is the worst case scenario in the extent of the hacking?

1. Could the hacker use the hacked WIFI to access my computer?
2. Could the hacker use the hacked WIFI to access my cellphone?

Are these scenarios possible after hacking the WIFI?

My paranoid friend was specifically wondering if someone could hack into her phone and read her WhatsApp messages. I think it unlikely, but is it possible?
 
Depending on the configuration of the wifi access point, it can range from trivial to extremely complex to hack a wifi network. If WEP is being used, simple tools such as aircrack-ng would definitely be able to brute-force the wifi password. For more modern protocols such as WPA2-PSK it all depends on the strength of the password; a common 8-character password provides little security.

Once on the network, a hacker could wreak havoc to some extent. By ARP spoofing, all clear-text traffic could be intercepted, modified or logged (including mybb forums). This is regardless of whether you are using your computer or cellphone. Any applications that you download over HTTP could be swopped out and you could inadvertently install some malware, giving the hacker full control over your PC.

If you are using an Android device with outdated software, the hacker could gain remote code execution on the device through JavaScript interfaces or exploits (e.g. Samsung Knox arbitrary package install). Same problem with iPhones; some really impressive RCE exploits have been discovered in the last year. However, at this point you are dealing with someone that is not some script kiddie and you've got bigger things to worry about than WhatsApp.

WhatsApp messages are encrypted and, if they are using good cryptographic principles, it is unlikely that a hacker would be able to view the messages in transit. As far as I know WhatsApp now generates a key on first launch with which the local message databases are encrypted (used to be a hardcoded key -.-). So it is rather unlikely that a hacker could get to the actual WhatsApp messages; however, your d*ck pics that are stored on the SD card would be easy to extract. If you are running a badly configured rooted or jailbroken device then it is GG: the key with which the database is encrypted could be grabbed from WhatsApp's private directory and used to decrypt the databases.
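The ARP spoofing the reply above describes has a passive tell that a defender on the same LAN can watch for: the gateway's IP suddenly being claimed by a second MAC, and one MAC answering for both the router and a client. The script below is an added example (not code from the thread or from any tool named in it); the ARP reply log lines, IPs and MACs are constructed for the demonstration, and the log format is an assumption rather than any real sniffer's output.

```python
"""Detect ARP cache poisoning from a log of ARP replies.

ARP spoofing works by answering "who has <gateway IP>?" with the attacker's
MAC, so victims send router-bound traffic to the attacker. Watching the
replies on the LAN reveals it: an IP whose MAC changes, or one MAC claiming
several IPs (gateway and victim), is the classic two-sided poisoning pattern.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample capture (format assumed for this example):
# "<seconds> reply <sender ip> is-at <sender mac> -> <target ip> <target mac>"
# Lines 1-2 are a normal exchange; from line 3 on, de:ad:be:ef:00:66 answers
# for both the router (192.168.0.1) and the client (192.168.0.20).
SAMPLE_ARP_LOG = """\
1.000 reply 192.168.0.1 is-at 00:11:22:33:44:01 -> 192.168.0.20 aa:aa:aa:aa:aa:20
1.050 reply 192.168.0.20 is-at aa:aa:aa:aa:aa:20 -> 192.168.0.1 00:11:22:33:44:01
2.000 reply 192.168.0.1 is-at de:ad:be:ef:00:66 -> 192.168.0.20 aa:aa:aa:aa:aa:20
2.010 reply 192.168.0.20 is-at de:ad:be:ef:00:66 -> 192.168.0.1 00:11:22:33:44:01
2.500 reply 192.168.0.1 is-at de:ad:be:ef:00:66 -> 192.168.0.20 aa:aa:aa:aa:aa:20
3.000 reply 192.168.0.1 is-at de:ad:be:ef:00:66 -> 192.168.0.20 aa:aa:aa:aa:aa:20
"""

LINE_RE = re.compile(
    r"^(?P<ts>[\d.]+) reply (?P<sip>[\d.]+) is-at (?P<smac>[0-9a-fA-F:]{17})"
    r" -> (?P<tip>[\d.]+) (?P<tmac>[0-9a-fA-F:]{17})$"
)


@dataclass
class ArpReply:
    ts: float
    sender_ip: str
    sender_mac: str
    target_ip: str


def parse_arp_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    replies = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            replies.append(ArpReply(float(m["ts"]), m["sip"],
                                    m["smac"].lower(), m["tip"]))
    return replies


def detect_arp_spoofing(replies, trusted=None):
    """Return (timestamp, ip, expected_mac, seen_mac) for every reply whose
    sender MAC contradicts the MAC previously associated with that IP.

    `trusted` is an optional static ip -> mac map (e.g. the gateway's real MAC
    read off the router label); replies contradicting it are flagged at once.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    first_seen = {}  # ip -> mac observed first, used when no trusted entry exists
    alerts = []
    for r in replies:
        expected = trusted.get(r.sender_ip) or first_seen.get(r.sender_ip)
        if expected is None:
            first_seen[r.sender_ip] = r.sender_mac
        elif expected != r.sender_mac:
            alerts.append((r.ts, r.sender_ip, expected, r.sender_mac))
    return alerts


def macs_claiming_multiple_ips(replies):
    """Map each MAC that answers for more than one IP to the sorted IP list."""
    ips = defaultdict(set)
    for r in replies:
        ips[r.sender_mac].add(r.sender_ip)
    return {mac: sorted(s) for mac, s in ips.items() if len(s) > 1}


if __name__ == "__main__":
    replies = parse_arp_log(SAMPLE_ARP_LOG)
    gateway = {"192.168.0.1": "00:11:22:33:44:01"}  # constructed trusted entry
    for ts, ip, expected, seen in detect_arp_spoofing(replies, trusted=gateway):
        print(f"[{ts:6.3f}] {ip}: expected {expected}, got {seen}")
    print("MACs answering for several IPs:", macs_claiming_multiple_ips(replies))
```

Pinning the gateway's MAC statically (the `trusted` map) is also the mitigation: a client with a static ARP entry for the router ignores the forged replies entirely.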
 
Sounds like you know what you're talking about.

I've always wanted to know: does hiding the SSID of a network do anything to increase the security of the network? To the hacker, that is.
 
MAC address filtering, disabling SSID broadcasting, DHCP scope limiting and WPA2 with a hex password is the best.
 
Personally, when you gain access to a wifi network it is because of bad security.

Once upon a time there was an 8ta store that had very rude people working there.
They were not helpful in any way, shape or form.
The wifi password was decent, but I got in within a few minutes (name of mall 8ta, I think, was the password). It was pretty long and camel-cased, with a number in; a decent password.
Once I was on the network I saw the router was not configured at all. Admin/Admin got me into the D-Link router.

I decided to be a nice person and set that up properly for them. I changed the admin settings on the router, then the wifi SSID, and restarted the router.
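The story above shows why a passphrase can look strong (long, camel-cased, a digit) and still fall in minutes: its length-times-character-classes "entropy" assumes random characters, while the phrase is really two or three words anyone standing in the shop could guess. The check below is an added example (not the poster's method or any tool from the thread) that an admin could run before setting a PSK. It computes both the naive estimate and an estimate based on a small, constructed list of context words; the word list, the sample passphrases, the 60-bit threshold and the scoring formula are all assumptions made for the example.

```python
"""Compare naive keyspace entropy of a Wi-Fi passphrase with a context-aware estimate.

WPA2-PSK lets anyone who captured a handshake guess offline, so the question
is not "does it have a capital and a digit" but "how many guesses until it
falls". A phrase assembled from words tied to the owner (shop name, mall,
carrier) is found long before the naive keyspace is exhausted.
"""
import math
import re

# Constructed context words: things a visitor to the premises could know.
CONTEXT_WORDS = ["examplemall", "example", "mall", "8ta", "store", "wifi", "guest", "shop"]

MIN_BITS = 60  # assumed policy threshold for an offline-guessable PSK


def naive_entropy_bits(pw):
    """Length * log2(size of the character classes used) - the usual overestimate."""
    classes = 0
    if re.search(r"[a-z]", pw):
        classes += 26
    if re.search(r"[A-Z]", pw):
        classes += 26
    if re.search(r"\d", pw):
        classes += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        classes += 33
    return len(pw) * math.log2(classes) if classes else 0.0


def segment(pw, words):
    """Split the lowercased passphrase into context words and single digits.

    Returns (word_count, digit_count) or None if it is not fully composed of them.
    Longest words are tried first so 'examplemall' wins over 'example' + 'mall'.
    """
    s = pw.lower()
    vocab = sorted({w.lower() for w in words}, key=len, reverse=True)

    def rec(i):
        if i == len(s):
            return (0, 0)
        for w in vocab:
            if s.startswith(w, i):
                rest = rec(i + len(w))
                if rest is not None:
                    return (rest[0] + 1, rest[1])
        if s[i].isdigit():
            rest = rec(i + 1)
            if rest is not None:
                return (rest[0], rest[1] + 1)
        return None

    return rec(0)


def effective_entropy_bits(pw, words=CONTEXT_WORDS):
    """If the phrase is context words + digits, score it as such (assumed model:
    log2(vocab) per word, log2(10) per digit, one capitalisation bit per word);
    otherwise fall back to the naive estimate."""
    parts = segment(pw, words)
    if parts is None:
        return naive_entropy_bits(pw)
    word_count, digit_count = parts
    return (word_count * math.log2(len(words))
            + digit_count * math.log2(10)
            + word_count)


def assess(pw, words=CONTEXT_WORDS, min_bits=MIN_BITS):
    """Return both estimates and whether the phrase meets the assumed policy."""
    naive = naive_entropy_bits(pw)
    effective = effective_entropy_bits(pw, words)
    return {"naive_bits": round(naive, 2),
            "effective_bits": round(effective, 2),
            "acceptable": effective >= min_bits}


if __name__ == "__main__":
    # Constructed sample passphrases: the '8ta' pattern, a short random one, a long random one.
    for candidate in ["ExampleMall8ta1", "xK9#vQ2m", "correct-battery-7Hq!staple-92z"]:
        print(candidate, assess(candidate))
```

A 64-hex-digit PSK, as suggested later in the thread, sidesteps the whole problem: it is not segmentable into anything and its naive and effective entropy coincide at 256 bits.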
 
Most people don't configure security on wifi at all (including not changing the admin password). The safest configuration is MAC-address filtering and disabling any guest networks. Many people use DynDNS to be able to access services on their network from the outside and I am puzzled by this, as a vulnerable service on your network can compromise everything (why not use a VPN? Most routers support this).
 
Also remember to disable WPS.

On some (if not most) devices WPS cannot be disabled. The config shows that WPS is disabled, but it may still be active.

You use DynDNS coupled with a VPN (PPTP, OpenVPN etc.) and a proper firewall to make things easier and more secure for you. Paranoid ppl will most probably look at "port knocking" to open a certain port on their firewall...

Ppl who use DynDNS without any form of VPN/firewalling deserve what they are asking for.
 
A man in the middle attack is the easiest way to hack someone or an entire network.

So yes once they are on the same network (accessed your wifi) it's very very easy to intercept ALL traffic that is passed between your devices and the router.

Stuff that is encrypted (HTTPS) makes things a little bit more difficult, but not impossible.

Stuff that is plain text makes it extremely easy.

And this is where not using the same password comes in.

If, for instance, you are using the same password for this forum, which is non-HTTPS and therefore plain text, and I intercept your data, your username and password will show up clear as day. Now the hack is basically over; I have your password.

Now I just need to put two and two together and go match that password with your email account that I might have picked up in the middle of intercepting your traffic.

Once I have your email odds are I have every service that you make use of because you used that email to register for all of them. And you used the same password or one very similar that is easy to figure out.


Trust me, it's amazing how much I've intercepted in a mere 15 minutes at the airport hotspots on many occasions when flying for business... and I'm an amateur.

Most recently I was away for business and stayed at a guest house with free wifi. By the second evening I had access to someone else's email, porn sites (yes they paid for them) and direct access to their machine and all the data on it purely because they were stupid enough to use the same password everywhere.

Your best defense against this is using 2-stage authentication on every service that offers it.
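The "2-stage authentication" recommended above works because the second factor is a code derived from a secret that never crosses the network, so a password captured in clear text is not enough on its own. The block below is an added example (not the poster's code, nor any provider's implementation) of the standard algorithms behind those codes: HOTP (RFC 4226) and time-based TOTP (RFC 6238). The secret `12345678901234567890` is the RFC's published test secret, not a real credential; the drift window and step values are the RFC defaults.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238): the maths behind 2-stage login codes.

Server and phone share a secret once, at enrolment. Each code is an HMAC of a
counter (for TOTP, the current 30-second slot) truncated to 6-8 digits. An
attacker who sniffed the password still needs the secret to produce the code,
and a sniffed code expires with its time slot.
"""
import hashlib
import hmac
import struct
import time

RFC_TEST_SECRET = b"12345678901234567890"  # published RFC 4226/6238 test secret


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """HMAC-based one-time password for a given counter value."""
    msg = struct.pack(">Q", counter)  # 8-byte big-endian counter
    mac = hmac.new(secret, msg, algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6, algo=hashlib.sha1):
    """Time-based variant: the counter is the number of `step`-second slots elapsed."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time) // step, digits, algo)


def verify_totp(secret, code, unix_time=None, window=1, step=30, digits=6):
    """Server-side check. Accepts codes from `window` adjacent slots to tolerate
    clock drift and compares in constant time to avoid leaking matching digits."""
    if unix_time is None:
        unix_time = time.time()
    for skew in range(-window, window + 1):
        candidate = totp(secret, unix_time + skew * step, step=step, digits=digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 reference: at t=59 the 8-digit SHA-1 TOTP is 94287082.
    print("TOTP at t=59:", totp(RFC_TEST_SECRET, 59, digits=8))
    print("Current code:", totp(RFC_TEST_SECRET))
    # A password alone (no code) fails; a code from the right slot passes.
    print("verify:", verify_totp(RFC_TEST_SECRET, "287082", unix_time=59))
```

The drift window is the only tolerance a server should grant; widening it beyond a slot or two turns a 30-second code into something replayable for minutes.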
 
People worry too much about their home networks and WPS and super strong password.

You aren't that important; nobody cares about your home network. (I'm not saying make your WPA2 key 123456 or leave it wide open.) And nobody is going to park outside your house and use a long-range wireless sniffer to try and crack your network.

The real danger is the OPEN ACCESS public networks, that's what you should protect yourself against.

*****

And for the love of all that is holy... ignore the honey pots. If you see an SSID that claims to be "FREE WIFI" or some other *** that isn't from a known company, IGNORE it.

I have caught so many, many, many people with a long-range transmitter and simply leaving it wide open for "free internet".

Nothing is ever free.
 
The biggest curse is free wifi. It's easy enough to put up a rogue hotspot to capture unencrypted traffic.

You should be paranoid with wifi. The amount of APs that have no protection or use minimal protection/default passwords is scary.

Even relying on MAC filtering is not a good thing. It's fairly trivial to bypass. I've got my AP in a DMZ :)
 
yeah, I'd never type a password on an open network.
 
LOL.

You think people type passwords? It's all automated, buddy. When you open www.gmail.com or whatever it's just sent through again and the data is right there in the packet.

Typing it isn't the problem, it's the fact that it's generally cached already and gets sent hundreds of times back and forth.
 
I wish I knew how to do all of this @SauRoNZA :confused:
 
:o

/goes to change all passwords
 
Like I say, I'm VERY amateur with this. I did some security training and then went on a rampage for a few weeks before settling down.

I can easily get to plain-text information on the same network but when it comes to intercepting secure traffic and spoofing certificates and the like I'm a little lost and frankly not THAT interested.

To me most of the fun is actually the non-hacking stuff where you've already got a little bit of information and then manually construct the rest of it like a puzzle.

If you are seriously interested you'll want to look at doing the CEH (Certified Ethical Hacker) courses, but be warned it is one of the hardest exams in IT. You also need to be a little bit off your rocker... every single CEH or aspiring CEH I know is a bit of a whack job.
 
Good man.

Like I say, 2-stage authentication is your friend. If you are using Gmail, for instance, without it then you should be shot. Your email address is your number one downfall should you get hacked; everything else is secondary.

Cloud services are of course number two and most of them support 2-stage as well.
 
lol, maybe you could just teach me what you know. I'm sure that will be enough :D
 
Yeah, I've got 2-factor authentication on Gmail.
 