38

I have a bit of a security concern. I'm concerned that my neighbor sees everything on my computer, web sites I have visited, my passwords, etc.

Background:

He installed a Linksys router in my house after I complained to him about poor signal strength. He is experienced with IT, and I am concerned that he is able to connect through a backdoor and see everything from his home as he lives three doors down from me.

Questions:

  • Should I be concerned?
  • Is it possible to remotely connect to the Linksys device and see my online activity?
  • What can be gained out of doing something like this?
  • If this issue is possible, how can I defend myself from attacks like this?
Peter Mortensen
  • 877
  • 5
  • 10
Kenny
  • 373
  • 3
  • 7
  • 1
    Hey @kenny, thank you for the question. I've edited it to make it compatible to the website. – Herr Dec 14 '14 at 14:17
  • 20
    Did you buy the router or did the the neighbor? In any case, if you seriously suspect your neighbor might have tampered with the device before or while installing it at your home, why would you even allow that person to enter your house? – O. R. Mapper Dec 14 '14 at 16:13
  • It was an extra router he had and gave it to me. Never really was concerned about his trust worthiness until after the fact. Just thought is was very odd that he had to plug his lap top into the router to install it etc... Seemed as if he was down loading information to allow it to work properly...so he says. – Kenny Dec 14 '14 at 19:23
  • 20
    It is very common to connect a laptop to a router to configure it, as you need to first connect to the router in order to access the web-based control panel. I don't see anything that would immediately suggest malicious intent. Just change the network password and the control panel login and you should be fine. – tlng05 Dec 14 '14 at 20:28
  • 4
    @Kenny Basic human decency suggests reciprocation with a nice gift to your neighbor and/or family even if they did not ask for anything. After all, the gift of his skilled labor plus the spare network router is easily worth a few hundred US dollars. Try asking for a price quote for an electronics store to send a stranger to install your home network. It is not inexpensive, as those stores like to make money off of people who are inexperienced and unwilling to learn. While the security question is on-topic here, do you think your neighbor would enjoy reading this post? It seems offensive. – Paul Dec 15 '14 at 04:24
  • 14
    It's all about trust. Did your neighbour steal your silver teaspoons while he was there? It sounds like the neighbour did you a big favour worth a few hundred bucks and you are deeply suspicious of him for no apparent reason. That's the sort of behaviour that stops people from doing nice things for each other. If you're that worried, unplug the router and install a new one. – Tom Chantler Dec 15 '14 at 09:26
  • 6
    @TomChantler The distinction you've made is contested, generally. People who've never stolen physical goods in their life (except perhaps a handful of sweets as a child) often download music/movies/games which is often described as theft. Likewise, someone a little bit shady might never steal from you, or harm you physically, but might keep a note of passwords on systems they've helped you with. Not justifying it, but "trust in allah but tie your camel" and all that. –  Dec 15 '14 at 12:46
  • 2
    The neighbor did you a favor. Do not be suspicious of him for no apparent reason. If you are concerned of stolen bandwidth, figure out how to change the password of your WiFi router. It's pretty easy to do that. There is no real need to be concerned about stolen data however unless you're very rich and need to protect your assets (in which case you can buy your own router and pay for hired help) or you're doing something illegal and don't want to be sent to jail. – ADTC Dec 15 '14 at 13:24
  • Installed or not, a determined hacker _will_ access your router. – user3459110 Dec 15 '14 at 16:45
  • `Should I be concerned?` how rational is it from the same information you gave us to suspect your neighbour to be malicious? everything is relative I suppose. you and the neighbour have a huge gap of IT capability so in theory the neighbour may would feel safe and confident that you wouldn't notice the difference if [s]he were attempt to trick you. would your neighbour need your data? for profit? for fun? you may want to make up some fake but beliveable information that makes her/him take a move. if the neighbour tries to use it for his/her advantage you can be sure about being monitored. – n611x007 Dec 16 '14 at 09:27

4 Answers4

39

Is it possible to remotely connect to the Linksys device?

Yes.
Most routers have an online administrator page that can be accessed externally by visiting your public IP address (go check WhatIsMyIP.com too see yours).
It's even easier internally by accessing the internal IP address of your router, which is in most cases either 192.168.0.1 or 192.168.1.1. If these don't work, you can find this IP address by opening a command prompt by opening start and typing cmd (Windows Vista, Windows 7 and Windows 8) or by pressing Windows + R and entering cmd.

Once the command prompt is open, enter ipconfig and look for the default gateway address under Wireless LAN if you're connected via the Wi-Fi or under Ethernet adapter for LAN connection if you're connected via wire.

If you browse to the address of your router, you shall be greeted by the Lynksys administrative page and you'll have to login. Read the manual or Google lynksys [your model, see box] default login to find out the password.

And see my online activity

This depends. Some routers allow to log the activity of the connected devices. Check the manual or the administrative page of your router for settings like this.
If I were to stalk you, however, I'd connect to your network and run a sniffer. A sniffer snifs all network traffic on the network you're connected on and most of them allow to filter on interesting protocols like HTTP (normal browsing network).

If he knows the password of your Wi-Fi, he can connect to it and sniff your network. Sniffers are tools that listen to all network passing by, even if it's not being sent to you. Wi-Fi is easy to sniff, as wireless data is sent in all directions.

and should I be concerned?

Do you trust this person?

You allowed him in your house and you allowed him to install the device. This means that there is some basic trust between the two of you. Is there any reason not to trust this person?

What can be gained out of doing something like this?
The neighbour might be connected to your Wi-Fi to steal your bandwith, i.e. he downloads movies via your network, so he doesn't have to pay for it. He might also use your network for stuff he wouldn't like to see linked to his own network (for example, criminal activities or surfing to adult websites).

If he's able to sniff your network, he could capture passwords on weakly protected websites (they use normal HTTP instead of HTTPS, which encrypts network traffic). If you suddenly were to see notification of HTTPS-sites being non-trustworthy anymore, although they have always been (e.g. Facebook), then he's trying to sniff the encrypted connection between those websites. If you use other services, like FTP to connect to a fileserver or RDP to connect to a virtual work environment, he could steal those passwords.

By listening on someone's network traffic, it's also possible to collect information about a person's behaviour. Do you check a lot of travel websites, adult websites, cat videos, ... This information could be used to make a profile of you. The advantage of this depends on what it would be used for.

If this issue is possible, how can I defend myself?
If you decided that you don't trust this person, there's a lot you can do yourself.

First of all, undo all possible settings your neighbour made. This means resetting the device.

Unplug all network connections to the device and reset it by sticking a pencil in the hole at the back where it says 'reset'. Hold this for 5-10 seconds. Most devices will notify you of the reset, e.g., with some blinking lights.

Follow the instruction manual of your device to reinstall it. In most cases you'll have to connect a device via cable or via a default Wi-Fi and browse to the IP address I mentioned before.

You'll be able to change the administrative password, name of the Wi-Fi and password of the Wi-Fi. Do all of this. Be sure to use a strong password (8+ characters, capital and small letters and a few numbers, maybe a - or _). And use at least WPA2-PSK protection on the Wi-Fi. Use a generic name on the Wi-Fi that doesn't reveal whose Wi-Fi it is or what device is being used. I like to use names of stores that aren't in my neighbourhood (for example, Starbucks).

Once you've done all of this, you'll have to reconnect your devices. If they're connected by cable, nothing has to be done. If they're connected via Wi-Fi, you'll have to connect them to the new network with the new password.

Whether you trust the person is up to you. But it never hurts to learn something new by installing the router yourself, and it'll give you a more safe feeling knowing that nobody is able to do you harm this way.

Big hint: although this practically does it, reading a manual every now and then might help you.

Next time you need a router, ask a store clerk for one that fits your needs (number of wired connections, does it need Wi-Fi, do you want a wired connection that is guaranteed to get better speed than the others [e.g. for gaming, streaming], ...). When you get home, spend some time reading through the whole manual and then start installing the device with the manual close by.

Peter Mortensen
  • 877
  • 5
  • 10
BlueCacti
  • 950
  • 7
  • 10
  • 14
    *"Most routers have an online administrator page that can be accessed externally by visiting your public IP"* Do you have any sources to verify that claim? Some routers might expose that page, but in my experience, most of them **don't**. – nyuszika7h Dec 14 '14 at 18:51
  • 25
    @nyuszika7h - Most routers I've seen *let* you expose it, but don't by default. – Bobson Dec 14 '14 at 23:21
  • 6
    If there's a WPS PIN written on the router, make sure to disable [WPS](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup "WiFi protected setup") as well. Actually, [you should always disable WPS as it has a design flaw that renders it vulnerable to attacks](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Vulnerabilities "WPS Vulnerabilities"). – user2428118 Dec 15 '14 at 03:57
  • 1
    Some routers have the router's IP address and the default administrator username/password written on the back. Just another way to find it without having to use Command Prompt :) – Robotnik Dec 15 '14 at 05:48
  • 4
    +1 with emphasis on the part that talks about _trust_. In my mind that's the core of the issue (i.e. this is one of those social problems, not technical). – David Z Dec 15 '14 at 07:03
  • 4
    Small practical hint: If your neighbor did not do anything malicious, all he can see is the wifi name. Therefore I would actually recommend you to keep that name the same so you won't offend him unnecesarily by showing that he did your setup for nothing. – Dennis Jaheruddin Dec 15 '14 at 09:18
  • 3
    If the neighbour was that bothered about getting your data he could have put a custom firmware on it too. Changing passwords/factory reset doesn't undo that. One step further if you are really paranoid is a backdoor at hardware level, which would even survive the firmware being replaced. It all depends on what extent you think they would go to and how much do you distrust them. – JamesRyan Dec 15 '14 at 14:17
  • @JamesRyan: Most of the attacks described in this answer are stuff that the neighbor could do just by reading the router's manual and using its built-in administration and monitoring features. (Intercepting network traffic e.g. for password sniffing is a bit trickier, but still doable using off-the-shelf / FOSS tools and a bit of technical knowledge.) Creating and installing backdoored custom firmware requires significantly more skills and effort in comparison, and so is a much less likely attack scenario, at least unless your neighbor is actually a government agent spying on you. – Ilmari Karonen Dec 15 '14 at 14:49
  • 2
    `ask a store clerk`. I would never recommend anyone to ever do that. A lot of them are not trained for that, and you can never really know how much they know and how much they pretend to know unless you know yourself. (don't get me wrong, there are some very competent clerks who actually care about getting you the best product for your need. But if you can distinguish them from the other kind, you don't actually need them). – njzk2 Dec 15 '14 at 15:18
  • Also note that you might be able to tell if he is connecting to your wifi. You would log into your router as described in this answer and look for the place where it shows connected devices and their assigned internal IP addresses (192.168.x.x). You might see "neighbor's laptop" or something like that. It might show last connection time or not. But I think you can delete the device. If he connects again, it will reappear in the list. Otherwise it will stay gone. – Buttle Butkus Dec 16 '14 at 23:38
  • @ButtleButkus I wonder how many people proactivly check the connected devices on the router's administration page. You can always delete the device (on most devices), but i'll automaticly reappear the moment he connects again, as nothing has changed to the network's security settings. You could ofc ban his MAC address, which will cost him some extra effort to get on the network again (i.e. change MAC address) – BlueCacti Dec 17 '14 at 22:29
  • @njzk2 Depends on the store you go to. Some stores require that you have some technical knowledge. In smaller franchise stores, you'll practicly always have someone with decent knowledge about the device. I always managed to get clerks with decent technical knowledge, even in the bigger retailers in my neighborhood. – BlueCacti Dec 17 '14 at 22:32
  • @GroundZero "it'll automaticly reappear the moment he connects again". Yes, that was my point. That would be a way for him to tell if the neighbor is connecting, if the router doesn't already tell him when the last connection was. – Buttle Butkus Dec 17 '14 at 23:49
17

Should you be concerned? Not if you weren't already concerned. Spare hardware is common. Giving it away to friends is common. Setting it up for them, if they don't know how to set it up themselves, is common. If you don't want to trust your neighbor, dig out the instructions and reconfigure the box yourself.

Is it possible...? Depends, both on how the router is configured and on exactly which software it's running. A router is itself a small computer, running firmware supplied by the manufacturer to manage the communications between their network ports. Variant firmware exists for some of them -- some of the LinkSys boxes, in particular, are sometimes re-flashed with a Linux-based set of router firmware to increase their capabilities. If it isn't running factory code, it could have all sorts of back doors installed into it... but that seems unlikely.

What could be gained... Do you mean by passing you hardware that would otherwise be gathering dust, or by passing you deliberately compromised hardware? The answer to the latter depends on how your computers are configured and what you're doing with them. Theoretically this could put them in a position to break into your machine and steal the contents of your disks, but whether there's anything there which you're concerned about is something only you can answer. If you're storing passwords and credit card numbers and such in plaintext, that's bad practice independent of whether your network might be open. I normally run my machines with even my own LAN being "untrusted", explicitly authorizing only the connections between machines that I am actually using, and that's secure enough that I have no objection to visitors asking for LAN access (though I may, at some point, set up a separate router for "public" use to further isolate their traffic from mine).

How can you defend yourself: See previous comments. Learn to configure the router and change its passwords/keys. Make sure your machines are secure (firewalls and antiviruses). Don't put anything on line that would ruin your life if it became public. And think about whether any of your neighbors has any reason to care what's on your machines; generally you're at more risk from folks you don't know than folks you do.

keshlam
  • 450
  • 2
  • 6
  • custom firmware with fake linksys logo and backdoors - the only answer so far that hints on these things. – n611x007 Dec 16 '14 at 09:18
  • 1
    As I said: Possible, yes. Likely, unless you are an unusually high-value target, no. Unless you're the sort of person tabloids are eager for every detail of, there just ain't that much that's interesting about you to justify the risk -- and if you are, why are you using hand-me-down routers? – keshlam Dec 16 '14 at 14:12
  • depends on the attacker and its motives. for example, an attacker may want to deploy these tampered firmwares just to build an infrastructure for occasional mass-data-collection or mediator in creating zombie-machines, noone needs to be of particular interest personally, only as input source for a comparative analysis or whatever use. – n611x007 Dec 16 '14 at 14:43
  • 1
    @naxa: Possible. Extremely unlikely when this is a simple neighbor-to-neighbor courtesy. If you insist on being paranoid you can find scenarios leading you to refuse almost anything (Tom Lehrer: "When correctly viewed / Anything is lewd"), but that way lies conspiracy theory... and the black helicopters really are NOT coming for us. – keshlam Dec 16 '14 at 14:58
  • infeasible to pose as a neighbor for every not-so-interesting target just to build such infrastructure, agreed. it'd be relatively easier for such an attacker to get them infected in mass before they get to the distributors to be sold, which as we all may know it may be not just paranoia unfortunately. anyway I was just happy to see the broader context in your answer. interesting quote btw. a third way of course to social-engineer all neighbors to do so, but well, let's not get into that here. – n611x007 Dec 16 '14 at 15:52
9

It is not difficult to set up a router, so you can easily reset the router to factory default settings and set it up yourself. Look at the back of the router and you'll probably see a small hole labeled "Reset". Stick a sharp pencil or straightened paper clip into the hole and press and hold for about 10 seconds. The router should reboot, and once it comes up it should be back to factory defaults.

Then, connect a computer to the router, either via ethernet, by using one of the ports labeled LAN or if you are unable to do this, wirelessly (the name of the network should be linksys). It would be preferable to connect via ethernet, so you do not need to keep changing your wireless settings on your devices. Then, open a web browser and try these three addresses:

http://192.168.0.1
http://192.168.1.1
http://192.168.1.254

One of those should get you to a login screen. Usually the default username and password will be either admin/admin or admin/password, but if those don't work just look for the model number of the router (probably on a sticker on the bottom), and search Google for "linksys [model number] default password" and you should be able to find it easily.

Once you log in you will get a control interface that lets you configure the router. Look around for Wireless Security and you should find a screen that gives you the option to protect your network with a passphrase. Set the security type to "WPA2-PSK" and come up with a strong password. Do not use the default password, as he may have noted this. Apply the settings and the router should reboot. This should be sufficient to prevent your neighbor from connecting and seeing your network traffic. You can now connect wirelessly.

tlng05
  • 10,244
  • 1
  • 33
  • 36
  • 2
    I can only agree with this: If you (@kenny) don't trust the person who sets up your router then factory reset and set it up yourself. Of course, you still have to deal with the limitations of your own knowledge, but at least it won't be malicious. – Rob Moir Dec 14 '14 at 15:46
  • 3
    This only answers the third of the three sub-questions by the OP. – O. R. Mapper Dec 14 '14 at 16:12
  • 3
    The only thing I'd add is: *Make sure you know what your routers default login is BEFORE you reset it.* – Dan Is Fiddling By Firelight Dec 14 '14 at 17:30
  • and make sure you reint out all necessary informatio before resetting your router. – atk Dec 14 '14 at 18:39
  • @Simon: More detailed than usual, perhaps. And arguably more basic than usual. But I'd say configuring for security is a legitimate security topic. – keshlam Dec 16 '14 at 14:14
0

It is unlikely you neighbour can access you router via "public IP". I don't know where you live, but in UK and Italy you need to specifically ask (and pay) for a static IP address otherwise your IP will change virtually every time your router re-connect to internet.

However, with a WiFi router, he could connect to your internal network if he did set it up to be shared. He could then access files in your computer, but only if the folder has been marked as "shared" (in Windows you'd usually see a "hand" beneath the folder icon). If he also shared the Documents folder then yes, he can see your navigation history.

I don't mean to sound rude or offensive, but why do you think your neighbour would do that? Do you have "high value" files on your computer? Do you access restricted (i.e. with confidential data) websites? If the answer is yes, then you should be more worried about hackers than about him.

If you really think he could be connected to your network, let me know what operating system you're using and I'll explain how to check.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
algiogia
  • 461
  • 3
  • 5
  • "He installed a Linksys router in my house after I complained to him about poor signal strength." I guess that indicates there's WiFi involved, rendering part of your answer pointless. – Mast Dec 15 '14 at 18:02
  • Thanks @Mast. It is actually possible to have poor signal on wired connection or the OP could have swapped from WiFi to wire... But you are probably right and I've edited my answer. – algiogia Dec 16 '14 at 09:26