
What are the signs of a compromised WiFi/Router?


8 replies to this topic

#1 Eorlingas

Eorlingas

  • Members
  • 6 posts
  • Local time:03:40 AM

Posted 21 November 2015 - 01:58 PM

Hello. I'll admit upfront that I'm a pretty paranoid person, medically. No stranger to computers at all, but still paranoid about them, especially when it comes to hacking and compromising of sensitive data. This isn't so much a request for help with symptoms, but a question as to what those symptoms are. I realize it might seem silly to some or ridiculous to think of, but it'll give me peace of mind to have this answered at long last.

 

I got my home network set up not too long ago, and once it was all done, I never really checked my equipment after that. I never thought I had the need to, which wasn't smart on my part. Recently, however, I got the unshakable feeling that something was wrong, or that I was being monitored, even with no symptoms. I've got plenty of AV and AM protection and a strict firewall, and I never click suspicious links or download suspicious files. I did hear, however, that determined hackers can use WiFi itself to do nasty things to your computer and breach it.

 

Yesterday my smartphone, an iPhone 4, ran out of battery power (as they tend to do), and after recharging it, I noticed I couldn't connect to my WiFi all of a sudden. Not sure if that ever happened, I reset its network settings, re-entered my PSK, and all was well. However, this ticked my "Oh God, something horrible's happening" feeling, and I checked my modem itself.

 

I obviously don't give out my PSK to people and have never had any physical modem issues, but I did notice that the Firewall options were all turned off. The make/model is an Arris Netgear from Time Warner Cable. My security setting is WPA2-PSK. As I never really bothered checking the settings after the technician set it up, I don't know if its firewall is off by default, if he turned it off, or if someone else turned it off. I changed the PSK just to be on the safe side and enabled the firewall.

 

And that's where I am today. Very worried and on-edge about this. Yesterday I was installing a fresh OS (8.1) into my PC, and noticed a few different things that might be unrelated. GWX.exe, the Windows 10 updating app, was installed, even though I opted out of upgrading. This had never appeared on my desktop before (the last time I'd clean-installed was on a new HDD back in October). There was also an odd "Checking your Internet Connection..." message during the OS installation, a message I'd also never seen before. My personal PC, custom-built, uses an Intel Ethernet Wired Connection. A work PC I have, a Dell, uses a Wireless Connection. On a sidenote, Windows Updates downloaded pretty darn fast on this new OS. Installed at its usual slow pace, but downloaded faster than I'd seen before. Leave it to me to associate a fast download with problems. Nevertheless, all virus scans, Malwarebytes scans, cmd prompt commands like SFC resulted in no issues being found.

 

Like I said, I do suffer from medical issues resulting in heightened anxiety and paranoia, and all of this might sound crazy to some - it's embarrassing to post, really, but I have no idea who else to turn to or very computer savvy friends. I don't want to overthink things, but I also don't want to pass off potential serious problems as baseless worry. My question in all of this is basically:

 

What are the symptoms of a breached or compromised router/modem/computer or WiFi connection? Can attackers use a compromised router/modem/computer or WiFi connection to harm my computer in any way? Do my symptoms sound at all like those associated with an attack or compromised router/modem/computer/WiFi connection? If so, what can I do to resolve these issues and resecure my computer?

 

I deeply appreciate any answers or help I get on this. I'd just like to rest easy for a while. I apologize if this is in the wrong section.


Edited by Eorlingas, 21 November 2015 - 02:03 PM.



 


#2 technonymous

technonymous

  • Members
  • 2,516 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 21 November 2015 - 02:27 PM

Typically a hacker will not make themselves known. On a fast computer you may not even notice they are there. Usually you find out about it after the fact when someone steals your passwords or changes a password on something, or does something worse like delete data. Usually the NAT and firewall are enabled by default. Netgear is usually on top of their firmware updates. However, model number of the router can help in search for flaws.


Edited by technonymous, 21 November 2015 - 02:27 PM.


#3 Eorlingas

Eorlingas
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:40 AM

Posted 21 November 2015 - 02:44 PM

TG862G is the model number.

 

NAT was enabled, but the Firewall settings weren't other than the passthroughs.


Edited by Eorlingas, 21 November 2015 - 02:45 PM.


#4 shelf life

shelf life

  • Malware Response Team
  • 2,675 posts
  • Gender:Male
  • Location:@localhost
  • Local time:04:40 AM

Posted 21 November 2015 - 02:49 PM

Compromised router might be: Are you locked out? (passwords been changed), DNS settings get changed (browser has a mind of its own for all devices). Other MAC or unknown connected device. Custom firmware is installed. Sends you to malicious page for custom exploit install.

 

 

Do my symptoms sound at all like those associated with an attack or compromised router/modem/computer/WiFi connection?

No.

 

 

Firewall options were all turned off

Maybe the default or it was toggled off during the setup.

 

 

GWX.exe, the Windows 10

I think if your machine is set to download and install Windows update automatically you will get W10 if you want it or not. You can pick and choose what updates to download and avoid the KBxyz123 downloads that will install the nagware to get W10.

 

 

harm my computer in any way

If you mean access your machine, yes, it's possible, but owning your router could do plenty of damage on its own.


Edited by shelf life, 21 November 2015 - 03:07 PM.

How Can I Reduce My Risk to Malware?


#5 Eorlingas

Eorlingas
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:40 AM

Posted 21 November 2015 - 03:19 PM

And the firewall settings were likely that way set setup or default?

 

No one else has ever accessed the router (that I know of) and no passwords or strange settings were changed or in place.



#6 shelf life

shelf life

  • Malware Response Team
  • 2,675 posts
  • Gender:Male
  • Location:@localhost
  • Local time:04:40 AM

Posted 21 November 2015 - 08:07 PM

 

And the firewall settings were likely that way set setup or default?

Could be. I hope the default would be to have it on.

You said a tech set it up for you, maybe he toggled it off thinking (wrong) that it would help with any support call in issues to your ISP? Usually ISP internet support might ask do you have a firewall? So he would help phone support by turning it off. Of course the router fw is not the one they mean. Just a guess on my part, that's all.


How Can I Reduce My Risk to Malware?


#7 Eorlingas

Eorlingas
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:40 AM

Posted 22 November 2015 - 07:01 PM

It came back to me that that's exactly what happened. I reset the router to look over it, and indeed, most of the settings were default that way except for the main firewall, which is on by default, but my memory was jogged by another that we turned that off, and the tech guy installing it said it could lead to better speed and low risks if all our computers had firewall on anyway.

 

Still on edge about my phone, though. Maybe it's my paranoid confirmation bias working - I've been having some issues lately with medicine so that could be it - but I can't help but think that there might be something wrong with it. I've not had service in a while and never even really go to websites on my iPhone.

 

I keep hammering it home though to myself that unless I install or run malicious programs, and as long as I keep everything up to date and a good AV and AM on hand, the odds of me getting a large attack or virus delivered to me without me ever noticing are very, very slim, and would be out of the realm of just an individual hacking basis.

 

If I may ask to set my mind firmly at ease though: what are signs of a hacked or compromised WiFi connection on a smartphone?


Edited by Eorlingas, 22 November 2015 - 07:02 PM.


#8 technonymous

technonymous

  • Members
  • 2,516 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 22 November 2015 - 07:01 PM

TG862G is the model number.

 

NAT was enabled, but the Firewall settings weren't other than the passthroughs.

Have you checked the logs?



#9 shelf life

shelf life

  • Malware Response Team
  • 2,675 posts
  • Gender:Male
  • Location:@localhost
  • Local time:04:40 AM

Posted 22 November 2015 - 08:25 PM

About your phone, you said it wouldn't connect. This can happen to wifi connected devices occasionally, not just phones but gaming consoles, streaming devices etc. I have had the same experience. Sometimes a reboot of the router and the device itself might help.

If your router was compromised, say the DNS settings got changed then you would notice it on your phone also. Page redirection etc. You should also have an AV app on your phone as well. I think the majority of signs would be noticeable on the phone itself.

Signs on the phone itself:

http://smallbusiness.chron.com/signs-symptoms-hacked-smartphone-33083.html

For Android but it can apply to iPhones also

http://www.darkreading.com/mobile-security/android-security-8-signs-hackers-own-your-smartphone/d/d-id/1112787


How Can I Reduce My Risk to Malware?
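Two of the router-compromise signs named in this thread (changed DNS settings, an unknown MAC on the network) can be checked from a Windows PC. The following is an added example, not part of any poster's reply: it parses text in the format of `ipconfig /all` and `arp -a` and flags resolvers and devices that are not on a list you maintain. The sample output, addresses, MACs and function names are constructed for illustration, and only IPv4 resolvers are handled.

```python
import re

# Constructed samples in the format of Windows `ipconfig /all` and `arp -a`.
IPCONFIG_SAMPLE = """\
Ethernet adapter Ethernet:
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
ARP_SAMPLE = """\
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-1d-d0-aa-bb-01     dynamic
  192.168.0.23          3c-15-c2-aa-bb-02     dynamic
  192.168.0.77          a4-5e-60-aa-bb-03     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def dns_servers(text):
    """Return every resolver under 'DNS Servers', including continuation lines."""
    servers, in_block = [], False
    for line in text.splitlines():
        m = re.match(rf"\s*DNS Servers[ .]*:\s*({IP})\s*$", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and re.fullmatch(rf"\s+{IP}\s*", line):
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def lan_devices(text):
    """Return {mac: ip} for dynamically learned neighbours (skips static rows)."""
    rows = re.findall(rf"^\s*({IP})\s+((?:[0-9a-f]{{2}}-){{5}}[0-9a-f]{{2}})\s+dynamic",
                      text, re.M | re.I)
    return {mac.lower(): ip for ip, mac in rows}

def audit(ipconfig_text, arp_text, expected_dns, known_macs):
    # Anything not on the caller's lists is reported for a manual look.
    findings = [f"unexpected DNS server {s}" for s in dns_servers(ipconfig_text) if s not in expected_dns]
    findings += [f"unknown device {m} at {ip}" for m, ip in lan_devices(arp_text).items() if m not in known_macs]
    return findings

if __name__ == "__main__":
    print(audit(IPCONFIG_SAMPLE, ARP_SAMPLE, {"192.168.0.1"}, {"00-1d-d0-aa-bb-01", "3c-15-c2-aa-bb-02"}))
```

A finding is a prompt to identify the resolver or device, not proof of compromise; a guest's phone or a new streaming box shows up the same way.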




