2

Let's say someone already knows my Verizon FiOS router password and has previously hacked me and maybe my computers at home. If I change my router password, couldn't they see me doing it and know what I'm typing in, thus being able to continually hack me?

Jamal
  • 148
  • 1
  • 8
atrueidiot
  • 87
  • 1
  • 6
  • 2
    It really depends on whether they managed to change (a.k.a infect) the software running on the router and the computer used to change it or now. – billc.cn Oct 07 '16 at 15:35
  • if you reset to factory defaults and connect to it with a wired connection on a computer that you know is clean you will be able to reset the password without the password being compromised. – CaffeineAddiction Oct 19 '16 at 20:58
  • @CaffeineAddiction If I do that, in the process of connecting my clean PC to the reset router, I fear I'd contract malware from the router to my clean PC. We've talked about the topic of malware that survives a router reset in the forums here before. Some types of malware can modify the firmware in the router making a factory reset insufficient to fix the problem. I'm scared that might be the case for me and am scared to even connect a clean PC to the router. – atrueidiot Oct 20 '16 at 00:06
  • @atrueidiot thats just it, you shouldn't have to connect your PC to the router to do a factory reset ... there should be a physical button on the router itself ... press it in and count to 30 then reboot. – CaffeineAddiction Oct 20 '16 at 05:31
  • @CaffeineAddiction Sorry, I didn't mean resetting the router, but changing the passwords to it after resetting the router, Caffeine. After a factory reset, the router goes back to default settings with default passwords that are advised to be changed. To change them, I'd have to hook up my device to the router. And as talked about in other threads, there are types of malware that can survive a reset (the type that changes the router firmware). :( – atrueidiot Oct 21 '16 at 12:15
  • @atrueidiot I am sure there are viruses that can survive reset ... however most of them do not plague the civilian sector. If you reinstall your computer offline before connecting it to your reset router you should be fine ... as far as something surviving reset then use a random gen password and if it gets hacked again then you should get a new router (good chance its not a virus on the router and that it is just susceptible to reaver attack http://lifehacker.com/5873407/how-to-crack-a-wi-fi-networks-wpa-password-with-reaver ). – CaffeineAddiction Oct 21 '16 at 14:05

2 Answers2

5

If the attacker has managed to either (a) modify the software running on the router, or (b) infect the computer used to change the password, then yes, the attacker will be able to steal the new password you set.

If you suspect that both the router and the computer has been hacked, I would recommend the following:

  1. Disconnect both the router and computer from the internet and each other.
  2. Do a factory reset on the router and do a complete wipe and reinstall of the OS on the computer.
  3. Connect the computer and router and reconfigure the router.
Community
  • 1
Anders
  • 64,406
  • 24
  • 178
  • 215
2

If your PC is infected with a key logger that sends information to the hacker, then yes he can see your password changes. A key logger can not only send what you typed in, but also screen shots.

You can use a PC that you know that it is not compromised by that hacker to change the password on the router.

Edit: based on your comments below I would do the following:

  1. Download the newest Firmware of your router from the official website of the router. Ask your internet service provider if you don't find it. You will need this software later on.
  2. Clean install your PC without being connected to the internet
  3. If you are on Windows or on Mac, install an antivirus program before connecting to the internet. (This means you should have the software ready on a memory stick.)
  4. Unplug your router from the internet.
  5. Factory reset your router with the reset button.
  6. Before connecting again to the internet: Install the new Firmware downloaded (point 1 above) and then change the default password of your router.
  7. Tell your sister (I suppose she is very young and hope nobody will be offended now) she should NEVER insert her password into a website that does not belong to that password. For example never insert your Facebook password in a website where the address bar shows a third party address. Always check in the address bar if the URL is correct. A small "spell mistake" is an indication that you are being hacked. (This is a very common hacking method. I still believe that her spam has nothing in common with your slow internet.)
  8. Observe your home network and PCs for the next couple of days or weeks.

I hope it helps. Let me know if you need further help or clarifications.

RichArt
  • 176
  • 5
  • Would it be possible that the hacker "controls" my PC AND router and therefore any new device on my router (a "clean" pc) that tries to change the router password would be IMMEDIATELY hacked by the hacker too and the password change attempt thwarted? – atrueidiot Oct 07 '16 at 19:06
  • Theoretically yes. I think, the hacker would need to have installed a piece of software in your network that alarms him if any new device is plugged in and he is waiting for this event at his PC. The best way to be almost 100% sure would be to unplug the router from the internet and clean reinstall router and PC. – RichArt Oct 09 '16 at 20:23
  • Hi, RichArt Thank you for the response. I just had a quick follow-up question for you. When you say to "unplug the router from the internet," how do you do that? I was under the impression that routers were automatically connected to the internet upon being turned on. Is that not true? If you can be disconnected, how would that be done? Thanks very much for helping me! – atrueidiot Oct 15 '16 at 11:44
  • Based on your question I am not sure anymore that we are talking about the same thing when talking about routers. But if by router you mean the same [thing] (https://www.google.ch/search?q=router&newwindow=1&espv=2&biw=1325&bih=657&source=lnms&tbm=isch&sa=X&ved=0ahUKEwi2mtyJ4tzPAhVHBBoKHSFSDIcQ_AUIBigB) like me, then you can just unplug the cable that connects the router to the internet. If you don't have a back-up channel to the internet (like for example a cellular network or a second cable internet connection), then there is no way for the attacker to know what's going on in your network. – RichArt Oct 15 '16 at 12:08
  • Regarding the "automatic connected", this is in most of the home routers true, because the routers are designed in a way that you just need to plug in and it works. (plug'n play) – RichArt Oct 15 '16 at 12:09
  • Sorry, RichArt You were right and I was wrong. My Verizon Fios router (this one: https://www.amazon.com/Verizon-Router-Actiontec-MI424WR-Rev/dp/B00QGDLA5Y) does have a blank cable in the back connecting it to the Fios "box" thingy in my garage. I guess the "box" thingy is what is connected to the "real internet"??? I'm not very educated about how computers work, so I'm sorry if I misunderstood you. So, if I just unplug that black cable, then my router would not be connected to the internet? Would it NEED to be connected to the internet to change the password? Thanks, again!!! – atrueidiot Oct 17 '16 at 19:38
  • Yes, unplug the black cable. If one of the two WAN leds are still blinking, then you are still connected to the internet. If so, try to unplug another cable. Once disconnected from the internet, you should be able to login from your PC. To this end find you need to input your gateway IP address in the browser address bar. The Gateway IP should be something similar like 192.168.0.1. Then login with username and password and make the changes to your router. Alternative: factory reset: https://www.verizon.com/support/residential/internet/fiosinternet/networking/setup/actiontecmi424/127288.htm – RichArt Oct 17 '16 at 22:22
  • But I really don't think that your router is compromised. Or is there any evidence to believe so? – RichArt Oct 17 '16 at 22:25
  • @RichArt1 Yes, there is reason to think the router was compromised. See my story here: – atrueidiot Oct 17 '16 at 23:30
  • http://www.techist.com/forums/f51/did-malware-hackers-infect-my-entire-household-need-help-278311/#post2187082 or here: http://security.stackexchange.com/questions/138546/did-malware-infect-my-entire-household-need-help/138547 – atrueidiot Oct 17 '16 at 23:31
  • 1
    OK, I started to read. I hope you do not take that personally, but it's too long. But what I got from what I read so far, is that your internet speed slowed down considerably and your browser has some strange behavior (stuff at the bottom left corner). But still, why do you think that your router is compromised? I mean, it could be, that your compromised PC is causing a huge traffic load. That would explain why the other computers are also slow. The spam on your sisters account could be independent (another attac) because it is much more common. – RichArt Oct 17 '16 at 23:43
  • @RichARt1 lol. No problem. I know it's very long!! I mentioned in the post/story that my router reverted back to factory default settings after a storm back in May 2016. It was off for about 48+hours and Verizon seems to automatically reset it if it's off for too long. I left it at the default settings (not changing the password) from early May 2016 to September 2016 (4+ months), before realizing I should have changed it! I have heard that routers with default factory passwords are easily cracked, b/c the passwords are known and that's why we need to change them. Other weird – atrueidiot Oct 17 '16 at 23:53
  • stuff happened to (as explained in the story I linked above). So, there is reason to believe the router was infected too. But, I'm also just being super, super safe, because I don't won't to deal with messed up computers again. It's too big of a hassle. And I also just want to be sure I can safely browse stuff online (like banking account) in the future without problems from hackers/malware. – atrueidiot Oct 17 '16 at 23:55
  • I edited my answer above. I hope it helps. :-) Le us (the community) know! – RichArt Oct 19 '16 at 20:45
  • Thanks for the edit, Rich. I had a quick question already (you know me...lots of questions!) concerning step 1. I'd have to download that from an internet connection not of my own right? The only place for me would be my city's libraries. But I know for sure those computers are infested with malware themselves!!! They are super slow and have weird stuff flickering at the bottom left corner of the Chrome browser saying: "waiting for..." and "connecting to..." After those two phrases are NOT the website I typed by WEIRD locations online like axati.com or tgeti.net, etc. – atrueidiot Oct 20 '16 at 00:16
  • It is safe do download the Firmware and the antivirus software from your home. Your browser (with https) and the network (with tcp) gives to you a very high probability that the data is not changed by a hacker. But, of course if you feel safer, you can connect to another network for the downloads. Notice: we always are talking about probability. Nothing is 100% sure. The only way to have almost 100% security is to never connect the computer to the internet. And even then, you are not safe if the hacker comes physically to your home to access your PC. Btw, is your name James Bond? ;-) – RichArt Oct 20 '16 at 06:56