41

One of my neighbours hacked the password of my router and he uses my limited internet package. I change the wifi SSID almost daily, but he can hack it easily. Today, he changed the SSID to a hate speech "insult".

How can I stop him? I need a quick and powerful solution. Is there any easy-to-use software that protects my wifi?

I have an idea but I don't know how to do it. Sometimes my mobile (smart phone) finds a wifi network that does not have a password. So, I can connect to it easily. When I access the internet, all websites are unavailable. And I can not surf any webpage. How to do something like that?

Edit: I'm Using WPA/WPA2 PSK

schroeder
user2824371
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/32797/discussion-on-question-by-user2824371-somebody-hacked-my-router-and-changed-my-w). – Rory Alsop Dec 10 '15 at 13:37
  • 1
    This isn't a long-term solution, but when you're not using your internet unplug the router from the modem. Your neighbor might still break in, but won't be able to use your internet. – robert Dec 10 '15 at 22:56
  • 7
    Is this 'router' provided by the ISP, or something you purchased? If it is your equipment, then a full reset + reconfigure would be a good idea. If it is ISP owned, I would contact your ISP and ask them for help doing a full reset+reconfigure. – Zoredache Dec 10 '15 at 23:01
  • 3
    The most common hack on WPA is to intercept a handshake and to run a dictionary attack on it. So if you haven't yet, use a strong password. Nothing that looks like a word or anything. Something like one of those: https://www.random.org/passwords/?num=5&len=16&format=html&rnd=new – njzk2 Dec 11 '15 at 15:20
  • 3
    Isn't this a question for SuperUser? I mean, it's not about how to implement/deploy a security solution, only about how to use existing security options. – Dmitry Grigoryev Dec 11 '15 at 15:22
  • 8
    If you are really using WPA with a password of a decent length, maybe the point failure is somewhere else? Maybe you have a trojan on your computer? – Christian Dec 11 '15 at 15:30
  • 1
    Put a STRONG password on your darn router admin account!!!!!!!!!!!! "Hacking" WPA takes a long, long time, so it's unlikely he's actually "hacking" the wifi. Also, make sure you have a STRONG password for your wifi access as well. Problem solved. – SnakeDoc Dec 11 '15 at 20:23
  • @SnakeDoc how would they access the router unless they are on the network? (Also, hacking a weak WPA password takes no time at all.) – njzk2 Dec 11 '15 at 20:50
  • @njzk2 It takes quite a bit of effort... and for what outcome? To "mess" with the neighbor? How does the OP know it's the neighbor? It sounds like the OP doesn't know how to configure their router, and have a default password somewhere, or is just changing the SSID (as described in the OP's post) but NOT the password (meaning one could just re-connect over and over). – SnakeDoc Dec 11 '15 at 20:52
  • @SnakeDoc After reading all the comments, I'm not 100% convinced that there's any hacking going on. This could simply be a case of the OP mistaking the neighbor's rude SSID for a hack on their own wifi. – Brian Dec 11 '15 at 21:45
  • 6
    @Brian Correct, I agree it's very unlikely any "hacking" is happening here. We're seeing the "I'm hacked" claim more and more across the SE network, usually boils down to the OP not understanding what's going on, so defaulting to a claim of being "hacked". To perform this "hack" it would require quite a lot of time, and technical know-how. And the outcome is simply temporary internet access? I don't buy it, it's simply not worth the "attacker's" time. OP has something configured wrong... – SnakeDoc Dec 11 '15 at 21:52
  • 1
    Please note that in many countries, such actions are illegal (e.g., [the USA](https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)) and thus can be reported to the police, and the perpetrator could be charged with a crime. – ErikE Dec 12 '15 at 01:16
  • Using Reaver/Bully/etc, hacking many wifi routers can be done in no time at all. If you know who does it, and are able to collect their MAC address, simply provide this info to the police. The only way (in the UK anyways) the police do anything is if you provide evidence and go so far as to find the "suspect" in advance. Yes, I know that a MAC address can be spoofed however why would one have a spoofer installed for casual browsing? – ggdx Dec 12 '15 at 22:44

7 Answers

73

There are two different passwords that access different functions. If an attacker has the admin password, then he / she can change the SSID, WiFi password, and any other settings on the WiFi router.

To fix: ensure your WiFi security setting is WPA or WPA2. Then change the WiFi password to a long one (at least 12 characters, more is better) with special characters and numbers (such as #, $, %, !, 1, 6; see for example "Is there any point in using 'strong' passwords?"). Also, make sure the admin password on the WiFi router is changed from the factory default. This admin password is different than the WiFi password. It should also be a long complicated password, but do NOT make it the same as the WiFi password. The WiFi password is the one you give to friends and family to access your WiFi. The admin password should be kept with you only, or people you REALLY trust, as it can be used to change WiFi settings. Once this is done, change the SSID back to one you like.

Also, make sure to disable the feature called Wi-Fi Protected Setup (WPS). See http://www.howtogeek.com/176124/wi-fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it/ for details on why WPS is not recommended.

If the attacker is still able to change the SSID and any passwords, your system is more deeply compromised and I would recommend contacting a computer expert or store who can help you clean your system. They can also give you advice on if there is anything local law enforcement can do, as your attacker is likely committing a crime.

Stone True
  • 29
    Worth noting: [Some routers don't disable WPS when you switch it to 'Off' in the admin panel.](http://arstechnica.com/business/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver/) In that case, you need to buy a new router. – thunderblaster Dec 10 '15 at 19:21
  • 3
    8 is too low to recommend as a minimum password length these days, as it is easily brute forced with consumer grade hardware. I would suggest 12 as a minimum. – Jon Bentley Dec 10 '15 at 19:23
  • 3
    Another note: make sure you cannot access your router settings web page with its external IP. I have run into many routers where they have the web interface open to the internet by default. I ended up rerouting port 80 to 1.1.1.1 in my port forwarding settings. If this is the case, your neighbour, or frankly anyone in the world, can change settings, and upload compromised firmware to your router; all they need is the password for the web interface. – Lektonic Dec 11 '15 at 14:53
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/32876/discussion-on-answer-by-stone-true-somebody-hacked-my-router-and-changed-my-wifi). – Rory Alsop Dec 11 '15 at 20:16
13

Ok I am changing my answer after reading all the comments. You need to understand the basics:

  1. SSID = The SSID is the name of the wireless broadcast from your router. This is not a username.

  2. If the person keeps getting in then it's possible your security is not WPA2 like you think it is, or your password for the wifi is really weak or common. Try a randomised password.

  3. If he can connect to your wifi, he can connect to your router through a web browser. Typically the address to access a router in the browser is 192.168.0.1 OR 192.168.0.254 OR 192.168.1.1 OR 192.168.1.254 .... (to get the address more officially rather than guessing, open up a command prompt in Windows and type `ipconfig /all`, then look for your default gateway related to your network settings)

  4. Upon accessing the router through the web a DIFFERENT password is used. If you use a Netgear router, the password could actually not exist and the user name will be admin.

  5. When into the router you can change things such as the SSID easily.

How would I solve these issues?

  1. Reset the router to factory default.

  2. Change the router user name and password (NOT THE SSID)

  3. Now change the SSID and make the wireless password / encryption a randomly generated WPA2-PSK.

  4. A firmware update

  5. If this fails, follow these steps, reset your devices as he may have bugged you in some way.

TheHidden
  • 4
    The router's IP address is usually the default gateway for a device that's connected to it. You may want to provide instructions for looking up your default gateway, rather than listing several common router IPs that may or may not be right. – Dan Henderson Dec 10 '15 at 20:01
  • @DanHenderson you are 100% correct, I should do that, will edit this in a little while (now to remember how to use windows) – TheHidden Dec 11 '15 at 10:34
  • 1
    @silverpenguin ipconfig/all might be what you need. – vasin1987 Dec 12 '15 at 02:02
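Added example (not part of any answer on this page): a Python sketch that generates the two separate secrets the answers above call for, a random WPA2-PSK passphrase and a different router admin password, and audits a pair against their advice (12+ characters, digits and special characters, admin password not equal to the WiFi password). The alphabet, the function names, the SSID check and the sample SSID `HomeNet` are assumptions made for illustration.

```python
import math
import secrets
import string

# Alphabet is an assumption of this example: letters, digits, easy-to-type specials.
SPECIALS = "#$%!@*-_+="
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LEN = 12        # minimum length recommended in the answers
WPA2_MAX_LEN = 63   # WPA/WPA2-PSK passphrase: 8..63 printable ASCII characters

def generate_password(length=20):
    """Return a random password drawn from ALPHABET using the OS CSPRNG."""
    if not MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{WPA2_MAX_LEN}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Resample until both a digit and a special character are present.
        if any(c.isdigit() for c in pw) and any(c in SPECIALS for c in pw):
            return pw

def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(len(ALPHABET))

def audit(wifi_pw, admin_pw, ssid=""):
    """Return a list of problems measured against the advice in the answers."""
    problems = []
    for label, pw in (("wifi", wifi_pw), ("admin", admin_pw)):
        if len(pw) < MIN_LEN:
            problems.append(f"{label}: shorter than {MIN_LEN} characters")
        if not any(c.isdigit() for c in pw):
            problems.append(f"{label}: no digit")
        if not any(not c.isalnum() for c in pw):
            problems.append(f"{label}: no special character")
    printable = all(32 <= ord(c) <= 126 for c in wifi_pw)
    if not (8 <= len(wifi_pw) <= WPA2_MAX_LEN and printable):
        problems.append("wifi: not a valid WPA2-PSK passphrase")
    if wifi_pw == admin_pw:
        problems.append("admin password is the same as the wifi password")
    # Added check (assumption of this example): the SSID is broadcast publicly.
    if ssid and ssid.lower() in wifi_pw.lower():
        problems.append("wifi: contains the SSID")
    return problems

if __name__ == "__main__":
    wifi, admin = generate_password(), generate_password(24)
    print("WiFi passphrase:", wifi, f"(~{entropy_bits(len(wifi)):.0f} bits)")
    print("Admin password :", admin, "| audit:", audit(wifi, admin, "HomeNet") or "ok")
```
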
5

Change your security to block ALL devices, except MAC addresses of your own gear. You'll have to look them up and enter each one manually. But the change should stop him cold.

donjuedo
  • 15
    MAC filtering on a Wifi router is not true security – Canadian Luke Dec 10 '15 at 18:54
  • 4
    [MAC spoofing](https://en.wikipedia.org/wiki/MAC_spoofing). – Jon Bentley Dec 10 '15 at 19:28
  • Oof. I stand corrected (and down-voted). This link, http://www.howtogeek.com/204458/why-you-shouldn%E2%80%99t-use-mac-address-filtering-on-your-wi-fi-router/, discusses MAC spoofing, and says WPA2 is enough. The OP says he's already using that, and still compromised. – donjuedo Dec 10 '15 at 19:28
  • 6
    Though MAC spoofing is possible, so is password guessing. That is, it makes no sense to ignore a security feature simply because it's possible to bypass it, _especially_ if there's no evidence that the "neighbor" even knows it can be done. Listing approved MAC addresses is a viable tactic until it's shown to fail. – user2338816 Dec 11 '15 at 11:02
  • 1
    I used this for a long time until I read several articles saying it doesn't really provide any more security than setting a good password, and it was a huge hassle to have to maintain a big list what with friends coming over and so many devices already in the house. I recommend creating a password **pattern** that results in a 12+ length password and is variable by the URL you're connecting to. That way, you memorize your single pattern, and you have a unique password for everything. – redOctober13 Dec 11 '15 at 21:12
  • 2
    @user2338816, comparing MAC spoofing to password guessing is a fallacy when it comes to wireless. Your MAC is there every time your device transmits a frame to be learned by anyone in the area. The only way this would relate to password guessing is if the OP were to hand out cards with his new password to all his neighbors each time he changes it. – YLearn Dec 12 '15 at 00:36
  • @YLearn It's a fallacy to equate them, but comparisons are completely valid. And it's very likely that a neighbor would be aware of password-guessing as well as being capable of doing it while being unaware of MAC-spoofing as well as unable to capture any. That's not something average users do. And if it is in fact done, we can be much more certain we're dealing with someone with a troublesome competence. – user2338816 Dec 12 '15 at 08:59
  • @user2338816, shall we list what else an average user wouldn't do? Let's start with connecting to a neighbor's secured WiFi. Then we can add in multiple times. Now add changing the SSID. If the attacker has read enough to do something like a WPS exploit, they will have read about MAC spoofing. They fit in the same "set" of materials. And your "comparison" still doesn't hold up as they aren't at all related. – YLearn Dec 12 '15 at 16:06
  • @YLearn It's plausible but uncertain. Until there's evidence, there's no reason to dismiss it out of hand. And when evidence shows up, there's a significant possibility of real criminal accusations. (See, e.g., how MAC-spoofing played a role in **determining criminal intent** in [U.S.A. v. Aaron Swartz](http://www.wired.com/images_blogs/threatlevel/2012/09/swartzsuperseding.pdf).) Changing to a restricted address is the evidence of intent. Knowing how to change a MAC address is one easy thing; determining what address to **change to** is significantly different and is more difficult. – user2338816 Dec 13 '15 at 05:22
5

Changing the SSID won't save you from this annoyance.

You need to do a "back to factory settings reset" (Check the manual of your router, sometimes it has a tiny button to allow this)

After that:

  • Enter the router config page (with the default admin password)
  • Put a new router admin password (strong one preferable)
  • Change the default SSID and password the router recreates (hiding SSID broadcast helps a tiny bit)
  • If you have your router near your wireless devices, reducing the transmission power will help another bit (in case the attacker isn't close)
  • Disable WPS (some routers can be hacked via WPS)
  • Disable remote admin (in case the remote admin password has been compromised or if you don't need frequent ISP support).

If the attacker keeps getting in, consider a firmware upgrade or a router replacement.

Hope this helps.

Gusstavv Gil
  • 2
    The statement that *"hiding SSID broadcast helps a tiny bit"* is nonsense. Someone who is determined enough to break into a home wireless router multiple times won't be slowed down much (if at all) by a hidden SSID. Further this potentially makes you more vulnerable to a wider audience as your devices will now all (not just the ones that do it by default) be broadcasting your SSID in probe requests wherever they go. – YLearn Dec 12 '15 at 00:31
  • By "tiny bit" I meant "script kiddies won't be annoying you". A really determined person can go as far as getting inside a house, or doing Social Engineering or installing trojans on the devices. – Gusstavv Gil Dec 12 '15 at 08:37
  • 2
    Even script kiddies will be able to get past a hidden SSID. – YLearn Dec 12 '15 at 15:59
4

Does your router have WPS enabled? If so, disable it.

You say you change your router password often, do you mean the admin password to log into your router, or the password to connect to the WiFi? Change both to something complicated. If you're not changing the router admin password it's entirely possible he has compromised that.

Alternatively it's possible he's compromised your PC at some point when he was connected to your WiFi.

You mention that sometimes your phone connects to a WiFi network that doesn't have a password... is this when you're at home?

AlexH
  • 1
    Change the admin password for the router. If that's still the default one, or was shared with your WiFi password, any other measures you take are pointless until you change it. – AlexH Dec 10 '15 at 12:19
2

Disable wireless administration: Change the setting that allows administration of the router through a wireless connection to off. This means that you need to connect with a LAN cable for administration. This disables any wireless hacking into the router.

donjuedo
GAD3R
-2

On most routers you should make certain that you've turned off remote administration. You should only allow the administration of your router from hardwired IPs. That way, even if they get the SSID password, they're not changing your router.

Also... move your router further away from the hacker. If you don't know who it is, move it to a different room, wait for them to hack it, move it again, etc. If you have a basement, you might put it there as long as it is still useable to you. If they get a crappy signal, they'll likely move on.

  • 1
    "hardwired IPs"? Do you mean wired connections? And by "SSID password", do you mean the router admin password? Moving the AP is unlikely to deter a determined neighbour, as this seems to be. "Remote administration" usually means accessing the AP's admin page from the Internet, not from the local network. – schroeder Dec 10 '15 at 19:48
  • 7
    The substance of this answer - disabling access to the device's administration controls via WiFi - is great advice, but between the inappropriate word choices that @schroeder pointed out and the suggestion to relocate the router (unnecessary if you've disabled wireless administration), I can't bring myself to actually upvote it without significant improvements. – Dan Henderson Dec 10 '15 at 20:06
  • `s/hardwired/a specific, limited set of/` – Lightness Races in Orbit Dec 11 '15 at 19:10