
Can a router be hacked from across the internet? What are possible ways it can be hacked? [closed]

By Emma Terry

I hope it is OK to post here, please correct me if I am in the wrong spot.

I am attempting to learn more about information security. So just as an experiment I downloaded Kali Linux and a large dictionary of passwords gathered from several leaks, etc. and I used aircrack-ng to see if I could get into my wireless network.

To my surprise (horror?) my wifi password must have been in the dictionary and it was very easy to hack.

My wifi password is admittedly, not very secure but very arbitrary. So I am having a hard time believing anyone else would have had that password, which is making me wonder if I had been hacked at some point.

This is where I lack understanding. I only ever used this password for my wireless network.

Here is my question, is there any way that a router could be hacked from across the internet if someone had my IP address? Or would someone literally have to sit outside my house and try to hack into my network? I did have a port open for a multiplayer game if that makes a difference, I understand that can be a security risk, but apart from that, don't know much more.

Thanks for any explanation.


2 Answers

There are actually 2 separate questions here, as well as a third possibility which should be considered -

  1. Can your router be hacked across the Internet.

Depending on the router, this is possible - there are numerous routers which have back doors to allow them to be remotely accessed - in some cases it's built in by service providers to allow them to upgrade routers, in others it's negligent system build by the router manufacturers and in others it's routers which have been compromised by 3 letter agencies. As a rule of thumb, if you have a router provided by your ISP or running default firmware you should consider it suspect. Routers running custom firmware (like DD-WRT) are less likely to be compromised, but this is not impossible.

  2. How did my password land up in a dictionary

It's impossible to answer this definitively, however it is possible that

  • your password is not as complex as you think it is and was in a local dictionary, or
  • it was, in fact not in a local dictionary - rather some traffic was sniffed and the data was sent to an off-site system to be analyzed against a huge dictionary - these definitely exist,
  • The wireless encryption standard you are using was broken, and the password was decrypted because the encryption was broken rather than the password (WEP is very broken, other standards to a greater or lesser degree)
  • Your router password may not have been arbitrary - it may have been a derivative of the mac address or some other formula created by the router manufacturer which was in use and was reverse engineered.

  3. The option you have not considered - That one of the DEVICES you use was compromised (for example through malware), and the password got out that way. (For that matter, it could have been a friend who used your WIFI's device) This is, IMHO, somewhat unlikely because it does not explain how the data got into the password list, but it is a more likely attack vector than the router having been compromised.

You stated "My wifi password is admittedly, not very secure but very arbitrary." Many people when they think of someone guessing their password imagine some hacker typing in passwords until he finds the right one. They don't understand that even fairly unsophisticated attackers have access to software that automates the attack process with the software potentially making thousands of password guesses every minute. Often a device, such as a router, will have a userid of root, admin, or administrator. An attacker will launch a dictionary attack where the software will use a common user name paired against every word in the dictionary. If you select a word from a dictionary that's a very weak password and if your router is accessible from the Internet, e.g., if it provides a remote management function and you've enabled that function, the device may be compromised in just a few minutes. Attackers also use lists of commonly used passwords, sports teams, car names, etc. - often what users think would be hard to guess passwords are quite easily compromised ones.

Attackers may also pair name dictionaries with word dictionaries. E.g., a name dictionary will contain commonly used names, e.g., abe, alan, amy, ... zack, zed. The attack may start by trying abe as the username and then run through all of the words in a dictionary or multiple dictionaries. It may then move on to alan and submit all of the words in the dictionary along with that user name.

Some attack programs will also try random combinations of characters as a password, because some people think that picking some random combination like 1234ab will protect them. But, again, since a program can try thousands of guesses in a minute if the attacked device doesn't lock out an account or access from an IP address after a limited number of password guesses, if you have less than 8 characters in a password, your system likely can be easily compromised, because some attack programs will try combinations of characters up to a specified limit and, if you have less than 8 characters for a password, if an attacker lets his program run against your IP address for hours or even days, the program may be able to find the password.

A strong password should be at least 8 characters in length and should contain characters from at least 3 separate character sets where one set can be all the lower-case letters in the alphabet, another all of the upper-case letters in the alphabet, another all of the digits, i.e., 0 to 9, and another the set of special characters, such as the pound sign, exclamation mark, dollar sign, dash, underscore, etc.

I know some people will assume "no one would be interested in my system", but there are people throughout the world scanning broad ranges of IP addresses looking for systems with known vulnerabilities or easily guessed passwords. When I used to run an FTP server that was publicly accessible, I would see daily dictionary attacks from systems throughout the world. I remember one day that access to the system, which was in the U.S., was particularly slow; I found 5 separate dictionary attacks running simultaneously, including a couple from different Chinese IP addresses and one from Brazil.

If your router isn't remotely manageable, but you are concerned that someone may have guessed the Wi-Fi Protected Access key you use to access your router by a WiFi connection, only those in wireless range of your router can attempt to break in by guessing the Wi-Fi key. If you live in a rural area with few neighbors nearby who might be able to establish a wireless connection to your router, then the probability that there is someone nearby who has used a tool such as Aircrack-ng to gain access to your router is lower than if you live in an apartment complex with many people any one of whom might want to compromise your router, perhaps just to gain free WiFi service via your router.

But even if none of your nearby neighbors would attempt to gain unauthorized access to your router, you are still vulnerable to wardriving in which someone may drive through a neighborhood with a system that has software that will look for vulnerable Wi-Fi connections. Why would someone want to do that? It might just be to see if he could do it. Or someone who might plan to engage in some illegal activity who doesn't want law enforcement officials to be able to connect that activity to him, may desire to link the originating IP address of the activity to someone else.

There are also people who use devices that can enable their systems to pick up weaker Wi-Fi signals than they would normally be able to detect. So, just because you might walk to the end of your driveway with your laptop and not see the Wi-Fi signal from your home router, doesn't mean that no one else could get onto your Wi-Fi network from that location.

You should, if you haven't done so already, immediately pick a strong key for wireless access to your router.
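
The password rules from the answer above (at least 8 characters, at least 3 of the 4 character sets, not a dictionary word) as a Python audit, added here as an example and not part of either answer. The small wordlist, the substitution table and any guess rate passed to `exhaustive_days` are constructed assumptions.

```python
import re
import string

# Constructed stand-in for a leaked-password dictionary (not real leak data).
SAMPLE_WORDLIST = {"password", "sunshine", "dragon", "letmein", "football"}

# The four character sets named in the answer.
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
# Common substitutions people apply to dictionary words (assumed mapping).
LEET = str.maketrans("013457@$", "oieastas")


def charsets_used(passphrase):
    """Names of the character sets the passphrase draws from."""
    return {name for name, chars in CHARSETS.items()
            if any(c in chars for c in passphrase)}


def dictionary_root(passphrase, wordlist):
    """Return the wordlist entry the passphrase is built on, or None.

    Undoes case changes, trailing digits/symbols and simple substitutions."""
    lowered = passphrase.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    for candidate in (lowered, stripped, stripped.translate(LEET)):
        if candidate in wordlist:
            return candidate
    return None


def exhaustive_days(passphrase, guesses_per_minute):
    """Days to try every string of this length over the sets it uses."""
    alphabet = sum(len(CHARSETS[name]) for name in charsets_used(passphrase))
    return alphabet ** len(passphrase) / guesses_per_minute / 1440


def audit(passphrase, wordlist=SAMPLE_WORDLIST):
    """List the ways a passphrase fails the answer's rules."""
    findings = []
    if len(passphrase) < 8:
        findings.append("shorter than 8 characters")
    if len(charsets_used(passphrase)) < 3:
        findings.append("fewer than 3 character sets")
    root = dictionary_root(passphrase, wordlist)
    if root:
        findings.append(f"built on dictionary word '{root}'")
    return findings
```

A key such as `Dragon2024!` satisfies the length and character-set rules yet is still flagged, because it reduces to a wordlist entry once the capital letter and trailing digits are undone.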