65

If someone knows my wifi password (be it WEP or WPA) what can they see? Do they just see URLs I visit, or can they see everything in my browser, or even everything I do on my computer? Does using HTTPS make any difference?

Secondly, If the attacker does not live nearby, is it possible for them to set up a laptop in my neighbour's house and record all my traffic or otherwise relay the data via the web?

Anko
user20378
  • Please provide more detail on your configuration, such as what operating system you're using, if you're sharing any local resources (files and directories, web cameras,...) through your private network, if you have some remote controlled desktop applications installed and enabled, do you use software firewall or use torrent clients and which, what anti-virus/anti-spyware software do you have installed, and similar information that might help the community in answering your question more completely. Don't be too specific, though. Naming them would be helpful enough. ;) Cheers! – TildalWave Feb 05 '13 at 02:41
  • Windows 7, no remote control apps, no firewall or antivirus, use uTorrent occasionally. – user20378 Feb 05 '13 at 15:03
  • They would see the same thing that they would see if they snuck into your house and plugged their laptop into your ethernet hub with an ethernet cable. And could either sniff traffic or directly connect to any computer on your network allowing them to do anything they wanted. – Fiasco Labs Mar 26 '16 at 18:01
  • @FiascoLabs Plugging into a network allows you to "connect to any other computer on that network and do anything you want"? o_O – endolith Feb 21 '20 at 15:03

6 Answers

59

If someone knows my wifi password (be it WEP or WPA) what can they see on my screen? Do they just see URLs I visit, or can they see everything in my browser,....or can they see everything I do on my computer? Does using HTTPS make any difference?

They can't see anything on your screen (unless you've enabled some sort of unencrypted remote desktop screen sharing program).

They can, however, observe all the data being sent to and from your computer (I'm assuming for WPA/WPA2 they observed the 4-way handshake at the beginning of each session; or trivially forced your computer to start another handshake), unless you encrypted that data using a protocol like HTTPS. They would typically run a packet capture program like Wireshark to decrypt the wifi encryption.

Again, they'd be able to see what HTTP webpages you requested, what links you click, the HTML content of the webpages you requested, any information you post to a web site, as well as all data (e.g., any images/movies) sent to you or by you. They can also interfere with the traffic being sent to you (e.g., alter the content you see). Granted anyone nearby can always interfere and cause denial of wifi service without knowing your password (e.g., often turning on a microwave oven will interfere with all wifi traffic being sent to you). Or have their own computer/router that they fully control that sends impersonated messages as you or your router.

If you visit HTTPS sites only, they can't decrypt the data (unless they have somehow additionally compromised your computer). However, even with HTTPS they can see what IP addresses you are sending/getting data from (which usually will let them tell what domain e.g. if you went to 69.59.197.21 it's stackexchange.com). They also will know when and how much encrypted data is being sent. This is possibly enough to give away private information. Imagine you went to a webpage via HTTPS that had results of your HIV test, and an eavesdropper was listening. If the web page for a negative result showed 3 images (of specific sizes) and a 10 MB PDF file on safe sex, while the page for positive results had 15 images and three PDF files that were 8MB, 15MB, and 25 MB respectively you may be able to figure out what their results were by observing how much data was sent and when. This style of attack has been used to figure out what people were searching for on a popular search engine (from the instant results provided for different queries) or roughly estimate what kind of income someone had at an https tax site. See Side-Channel Leaks in Web Applications (pdf).

Granted all this information is also available to your ISP as well and to every intermediary router between your computer and the server you are trying to visit.

Secondly, if the attacker does NOT live nearby, is it possible for them to set up a laptop in my neighbour's house for example, and programmatically record all my traffic...or alternatively can they relay the data from the laptop to their own computer elsewhere, via the web?

Either is trivial to program up assuming your neighbor doesn't mind them putting a laptop in their house (or they found a power source and place to hide their computer).

endolith
dr jimbob
  • 1
    Great answer to part 1 but for part 2 what do you mean by "either is trivial"? – user20378 Feb 04 '13 at 21:47
  • @user20378 - the attacker can write a simple script to capture your data and then forward it to some server they control. – dr jimbob Feb 04 '13 at 21:49
  • 1
    Moral of the story is wireless traffic is easier to intercept than wired traffic. Unless your neighbour is an electrical engineer, spying on wired traffic is mostly the domain of governments. – LateralFractal Oct 05 '13 at 03:05
  • 3
    @LateralFractal - Agree that wireless is easier to eavesdrop on than wired. However, in addition to governments, anyone upstream of your network connection can eavesdrop on/alter your traffic. For example, your ISP, or network administrators at your work, etc. can intercept unencrypted wired traffic. – dr jimbob Oct 05 '13 at 05:33
  • 1
    @drjimbob, Regarding *"if you went to 69.59.197.21 it's stackexchange.com"*, does IPSec solve the IP-leaking problem? Are there even ways to solve this problem? – Pacerier May 25 '15 at 07:11
  • @LateralFractal, That's only true for houses with wires within the walls. If the wires are exposed all over the place, you could always hide somewhere and plug a wiretapper in. – Pacerier May 25 '15 at 07:14
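
The size side channel described in the answer above, worked through as an added example (not part of the original answer or its comments). The image counts and PDF sizes follow the answer's scenario; the image byte sizes, the function names and the 1 MB padding block are assumptions. It shows that rounding each transfer up to a block still leaves the two result pages distinguishable, and that only a uniform traffic profile removes the difference.

```python
MB = 1024 * 1024

# Constructed transfer sizes in bytes. Counts and PDF sizes follow the answer's
# scenario; the individual image sizes are assumptions.
PAGES = {
    "negative": [40_000, 55_000, 62_000, 10 * MB],
    "positive": [45_000] * 15 + [8 * MB, 15 * MB, 25 * MB],
}

def fingerprint(sizes):
    """What a passive observer learns despite HTTPS: transfer count and total bytes."""
    return (len(sizes), sum(sizes))

def leaks(pages):
    """True if the variants can be told apart from their fingerprints alone."""
    return len({fingerprint(s) for s in pages.values()}) > 1

def pad_per_object(pages, block):
    """Round every transfer up to a multiple of `block` bytes."""
    return {name: [-(-s // block) * block for s in sizes]
            for name, sizes in pages.items()}

def pad_uniform(pages, block):
    """Give every variant the same profile: the largest transfer count, each
    transfer padded to the largest block-rounded size (dummy transfers fill gaps)."""
    count = max(len(s) for s in pages.values())
    size = max(-(-s // block) * block for sizes in pages.values() for s in sizes)
    return {name: [size] * count for name in pages}

def overhead(original, padded):
    """Extra bytes each variant pays for the padding."""
    return {n: sum(padded[n]) - sum(original[n]) for n in original}

if __name__ == "__main__":
    schemes = [("unpadded", PAGES),
               ("per-object 1 MB", pad_per_object(PAGES, MB)),
               ("uniform 1 MB", pad_uniform(PAGES, MB))]
    for label, pages in schemes:
        prints = {n: fingerprint(s) for n, s in pages.items()}
        print(label, "leaks:", leaks(pages), prints)
    print("uniform overhead (bytes):", overhead(PAGES, pad_uniform(PAGES, MB)))
```

The uniform profile costs every variant the worst-case transfer volume, which is why real deployments trade some leakage for bandwidth.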
19

If your WiFi router is hijacked (which is a bit more thorough than simply obtaining your WiFi password), then the attackers will be able to see every byte which leaves your computer or enters it. Your computer, by itself, ought to be safe. Theoretically, safe Web browsing is still possible thanks to SSL.

In practice, however, this means that the attackers now have a direct route to your computer and can play at will with all your unprotected traffic, including DNS. Your safety then relies on how up-to-date and bug-free your operating system is (fat chance on that), and how paranoid and cautious you are. This is not a comfortable situation. If attackers can upload some malware on your computer, then, at that point, you are hosed: they can see everything you see on your display, they can track all your keystrokes, they can plunder your files, they might even switch your Webcam on and spy on your physical person.

WiFi (in)security is exploited "over the air" and the radio waves can cover some ground, up to about 100 meters or more in open spaces. For the attacker, being in your house, in your neighbour's house, or in the street, makes no practical difference.

Summary: use WPA2 and a strong password.

Thomas Pornin
  • Beyond breaking the connection or setting different DNS servers to be sent in DHCP, what more can an attacker do when he has the router password? Not many consumer routers will prevent ARP cache poisoning and the like, you can already do just about anything without router password. – Luc Apr 16 '13 at 09:07
  • 2
    Use different passwords for the WiFi router's login and for the WPA2 PSK. It amazes me how many people set them both the same. – Michael Hampton Oct 07 '13 at 17:58
  • @Thomas, Would DNSSEC solve this "plain-text DNS problem"? – Pacerier May 25 '15 at 07:15
  • DNSSEC, ultimately, would make DNS queries verifiable, so attackers in control of your WiFi would not be able to feed your machine with fake queries. They would still be able to _see_ all your requests, though, and thus know what sites you are using and when. – Thomas Pornin May 25 '15 at 19:35
  • An attacker that successfully compromised my WiFi router has a significantly higher chance of compromising a node in the network (my home computer in that scenario), correct? – Luis Vasconcellos Oct 14 '20 at 13:14
5

Even if the user having your password is not technically savvy, someone who is an average user could also cause a lot of damage with a leaked wifi password:

  1. download illegal content, which will be tracked back to your IP address.

  2. wasting internet bandwidth; if you are on a limited ISP plan this could cost money, otherwise it will just slow down your internet connection.

  3. an OS like Windows uses weaker firewall settings when running on a home/trusted network, and enables sharing of some music and files; this could get worse if you are sharing hard disk(s) or resources between different devices over your network.

  4. people generally use a weak password for the router, or even leave the default password, which could make a user that was able to get past the wifi password have permanent access to your network by just forwarding some ports.

sharp12345
4

If the attacker hacks into your WiFi and is able to connect to the network with his laptop then it opens up a big pool of possibilities for him because now he is present in the same LAN as you are. Some possible scenarios would be:

  1. He can easily capture traffic moving in and out of your system.
  2. If you are managing your access point over HTTP (not recommended) then he might be able to sniff the password and make changes to the Access Point configuration.
  3. MITM is a possible attack.
  4. If you don't have all the recent updates and patches, then he might be able to find and exploit a vulnerability. This will allow him to take control over your system or he might be able to put a keylogger into the system.
  5. He may anonymously perform some illegal hacking activity from your network and then the authorities will track back to you.

Here is a link that you might find helpful. It talks about securing the WiFi Access Point.

Shurmajee
3

Wifi hacking is a common occurrence nowadays. A layman can hack your WEP wifi network within a short time using BackTrack. WEP is 0% secure, you can only increase your attack time by using higher bit encryption. If your network is WPA/WPA2 secure with WPS PIN default setup, then also you are very much vulnerable.

In most of the cases, routers have a default username/password. The attacker just needs to search for the default user/pass combination for that particular router on the internet, after he has got access to the network. If the attacker gets router-level access, then he can access/capture the data of each user on the network. He can easily get your online credentials; there are numerous tools to achieve this.

The most important thing here is to secure your system, even if the network gets hacked. Of course, a secure network is the first hurdle and it should be made as secure as possible. The key to a secure system is to keep your system and all software patched to the latest updates. There are tools which scan your system for all types of OS/software vulnerabilities. Once a vulnerability is found, the attacker uses it to get access through a terminal in your system. At this point, he can access all files in your system. If there are some files which you can't afford to be exposed, it's better to either encrypt those files or use software like folder lock. Other elevated access includes not only fetching your screen, but also controlling your system.

Today, there are many wifi antennas on the market which have a range of 2 kms or more. So, not being in the neighborhood is not such a big problem for them. Also, it's possible for them to access the attacking system through the internet and channel data by using software like TeamViewer and VNC.

  • Sensitive data can/should be [air-gapped](http://en.wikipedia.org/wiki/Air_gap_%28networking%29). – Vorac Sep 02 '13 at 10:36
1

They have full access to your network, and if you have no computer firewalling or weak/no access controls, full access to the data on your computers through shares that have been set up.

Fiasco Labs