May have found someone riding on my wifi

[alarmguy]

... I also found that family members (daughters) would give out our WiFi passwords to friends when they came over for a visit. Kids love to share passwords.

Yes great post.
Also to the OP if he changes his WiFI passwords he will need to default any security camera's and any other devices in the house. Ex. Thermostats, WiFi garage door openers, Alarm system and re-learn them using the new password.

I suspect @BobsArmory has figured it out. Kids or other family members gave out your WiFi password.
Anyone in your family or kids friends have iPhones?

I do think since you are concerned to changing the password but would not get overly concerned about it. Meaning sure tend to it but let's face it, no one can use your WiFi unless they are literally sitting outside your house or possibly next door neighbor. There most likely is a reason that isnt security related. You had the same password for many years and might be someone floating around with the weird Honda thing.

Ps.
Before you default all your cameras to reset the password. If your router allows you (I thought all do) cant you black list the devices in question and if concerned see what happens from that point forward? You may find the Apple is your own device and you may also find out something about the "Honda" in the sense the devices will stop working once blacklisted.

 

[OVERKILL]

Hiding the SSID is not a security measure.

This, for what has to be the 1000th time on here, lol!

 

[alarmguy]

I dont know why but many years ago when I turned off my SSID broadcast a couple of my devices would not connect. I never tired since anyway besides my next door neighbors arent coming after me and no one can park outside my home.

 

[BHopkins]

If you are going to be changing your password, and since you acknowledge that your current password is weak, may I suggest a method that will give you a very strong password, yet be easy to remember. It won't be anywhere near as strong as what @OVERKILL suggests, but still pretty safe. I guess you could make it as strong as you like. You will see.

Use a line, or lines, from a favorite song, one that you remember the words to, and preferably one that is long enough to give you some good security. Use the first letter from each word in the song as your password. Convert any letter i to a 1, the letter s to a $. You may also convert a few other characters, such as the letter t to a + or the letter a to @, since not all systems allow use of the $ symbol. And capitalize a character or two.

The password will end up appearing as totally random characters. For example, the first two lines of Sounds of Silence, "Hello darkness, my old friend. I've come to talk with you again.", would look like this: Hdm0f1c++wy@

Or Joy to the World by Three Dog Night. "Jeremiah was a bullfrog, was a good friend of mine. I never understood a word he said, but I helped him drink his wine.", could be Jw@bw@gf0m1nu@$wh$b1hhdhw

As required by most all security systems, the password has at least one capital letter, at least one symbol, at least one number, and of course a few lower case letters. You don't even have to remember the password, only the words of the song, and what letters are replaced with which characters.

If you are not a music lover, perhaps you memorize poems? Same thing. Favorite line out of Moby ****? Particular verses from the Bible? They all work.

I forgot to mention that, besides creating a strong password, the best benefit, is you never have to try to remember your password. You just have to remember the line(s) that you used to create the password from, and what letters were converted to numbers and symbols. I've been using this method for about 16 -18 years now, and still don't know my passwords. I just know the lines that they are based off of.

 

[TimeFlies]

I didn't want my wifi to be hard to log into, so my employees can use it.
Nothing hurt if someone wants to use my internet.

 

[rijndael]

Nothing hurt if someone wants to use my internet.

They'd get direct access to all PCs/Printers/Devices on your network. If they're not secure, you could be offering more than just internet. It's pretty easy for systems to end up compromised by ransomware, and you'd lose access to them. Even worse, your PC gets compromised and used for distributing kiddy porn.

 

[ka9mnx]

Hiding the SSID is not a security measure.

Sure, if you know how to use a Spectrum Analyzer.

Honestly, please enlighten me on how I'm wrong.

 

[John105]

YES. make a guest network. Then put you IOT things, like your cameras, on the guest network. Then turn off SSID broadcasting on your private network. Then, if you have a smaller RF path, Turn your SSID broadcasting power to "low" or "medium". I have mine set to low. Only put things on your private network you want to keep private. Like you home computers/laptops.

This is, of course, if you router is capable of doing these things. I think most are.

This is a great and practical idea. It was not until 2020 that I had anything IOT. I shared the paranoia that is demonstrated on this thread. What if, that IOT device is weak and allows people onto my network? It started with the TRANE thermostat for the new HVAC. Then, smart plugs, then, smart lights (this is up there on great ideas--they all have a timer feature--now, it can go on and off outside, when on vacation, brilliant). Now, Blink cams (imho these are toys but what do you want for free).

My home router is only capable of one guest network, so as you said, that's where everything IOT goes. I have a Meraki system from work and that would have allowed unlimited guest networks and regular networks. But do we need that at our homes? If you're some big time CEO with a personal detail and ride in armored vehicles, that home wifi is truly a threat since one likely has a team managing it. Rather than brute force the network, simply bribe a member of the team.

It's like in the old days when one lost a key. Anyone can watch a detective show like Rockford Files and realize that anybody can pick a lock. There were only 1024 combinations of keys, and how may vendors, 4,5,6, not many. Sometimes it is good to take a step back like Bobby Weir said, and just look at the scenario from 30k'. It may not warranty the "worry" that it does. Also, not everybody has unlimited budgets to address everything that goes bump in the night. On this forum, $500 is nothing lol But no matter how much money a person has, it still should follow marginal benefit > marginal cost.

 

[rijndael]

Sure, if you know how to use a Spectrum Analyzer.

Honestly, please enlighten me on how I'm wrong.

Here's a quick rundown on why you shouldn't hide the SSID.

Clients that need to find hidden SSID networks send out Probes Requests. This happens constantly as devices try to connect to their "preferred" wifi networks. And, clients move in and out of coverage all the time, even in your home. If you have a lot of devices on your wifi, you can sometimes see more Probe Requests with the SSID than AP Beacons. Those Probe Requests have the SSID, so it's easily learned by anyone within 802.11 earshot.

When you have to check that checkbox for "Connect even if the network is not broadcasting", you're doing this all the time, even when you're not at home, so it's leaked everywhere you go. This can actually be used to track devices. When you don't check that checkbox, it can connect when it hears the beacon. Overall, this constant probing is increasing the attack opportunity on the client side.

If you use a hidden SSID, without a password, you're really opening up your device. There are devices which will read probe requests and fire up an SSID to answer to it. Without a password your device can connect.

There are devices that can't connect to hidden SSIDs. This is because they're trying to follow RFC complaint behavior. Not broadcasting violates the RFC.

Some client types, like Apple devices, are much slower to connect to hidden networks.

 

[OVERKILL]

Sure, if you know how to use a Spectrum Analyzer.

Honestly, please enlighten me on how I'm wrong.

https://linuxconfig.org/discover-hidden-wifi-ssids-with-aircrack-ng

 

[tburke]

I keep a wide open SSID with no encryption for guests, neighbors, etc. to use. It's on an isolated VLAN and VRF that punts traffic straight to the internet... also uses DNS filtering (OpenDNS/Umbrella) and has port 53 blocked otherwise, to keep the network "clean" and minimize the chance of any shady activity.

We have redundant connectivity and power, and most (if not all) of my neighbors do not... doesn't bother me one bit if they want to jump on and borrow a cup of sugar some bits.

 

[TimeFlies]

They'd get direct access to all PCs/Printers/Devices on your network. If they're not secure, you could be offering more than just internet. It's pretty easy for systems to end up compromised by ransomware, and you'd lose access to them. Even worse, your PC gets compromised and used for distributing kiddy porn.

You can try, but not going to succeed.

Some people here must believe in their own mind, that they have so many extremely important things on their computer, that everyone wants them, and they're super important.

In reality if someone does gain access to the average person's computer, which is easily stopped, even while letting others use your wifi, it doesn't matter anyway.
I have absolutely nothing on my phone, tablets, computers, that is top secret. Even if someone wants to try and hack into my system, anything important like my banking app has its own password. My emails would put someone to sleep. If they access my pictures, they better like jetskis, jet boats, motorcycles, snowmobiles, semi trucks, old cars, my Saint Bernard, quads, and camping, because they won't find much else, and nothing that I wouldn't show my grandmother. Forums I belong to would bore most people, BITOG, Adventure rider, and mini jets, are the only 3 I'm on. When my drivers pull in they are to connect their company provided tablet, to the server that stores all drivers electronic logs, from that tablet. The tablet is connected all day to the trucks ELD. That server they download to is only for ELD information. The driver then brings in the tablet, and puts it on charge. Their next shift, they take it, put it back in any truck, and it reconnects with the truck its in. They check off that the pretrip is done, and start their day, everything is recorded to that tablet.
Worst thing someone could do is delete that info, but it wouldn't matter if they did.
It's not even a requirement by law, that i have it all downloaded.

 

[ka9mnx]

https://linuxconfig.org/discover-hidden-wifi-ssids-with-aircrack-ng

Nice read. Thanks.

I don't know how many people would go through all that to get into my home network. I'm sure a dedicated hacker or someone targeting me but they would have to be in my driveway. Would be rare and not go unseen in my small neighborhood.

I'll just keep my router silent and my broadcast power low as a preference, I'm kinda paranoid private, and continue to use a secure password. Nice to know the possibilities though.

 

[rijndael]

Some people here must believe in their own mind, that they have so many extremely important things on their computer, that everyone wants them, and they're super important.

Yea, my tax documents from the past 10 years is a pretty important thing to me. I'd rather not give it to someone. Even if I didn't care about that, I'd prefer not to give out my kid's SSNs (in my 1040) and other information.

You may have nothing, but plenty of people do.

In reality if someone does gain access to the average person's computer, which is easily stopped, even while letting others use your wifi, it doesn't matter anyway.

The average person struggles to troubleshoot their own print jobs when they fail. You make it sound like the majority are IT clueful. In reality, they have no idea how much they don't know.

 

[LDM]

You can try, but not going to succeed.

Some people here must believe in their own mind, that they have so many extremely important things on their computer, that everyone wants them, and they're super important.

In reality if someone does gain access to the average person's computer, which is easily stopped, even while letting others use your wifi, it doesn't matter anyway.
I have absolutely nothing on my phone, tablets, computers, that is top secret. Even if someone wants to try and hack into my system, anything important like my banking app has its own password. My emails would put someone to sleep. If they access my pictures, they better like jetskis, jet boats, motorcycles, snowmobiles, semi trucks, old cars, my Saint Bernard, quads, and camping, because they won't find much else, and nothing that I wouldn't show my grandmother. Forums I belong to would bore most people, BITOG, Adventure rider, and mini jets, are the only 3 I'm on. When my drivers pull in they are to connect their company provided tablet, to the server that stores all drivers electronic logs, from that tablet. The tablet is connected all day to the trucks ELD. That server they download to is only for ELD information. The driver then brings in the tablet, and puts it on charge. Their next shift, they take it, put it back in any truck, and it reconnects with the truck its in. They check off that the pretrip is done, and start their day, everything is recorded to that tablet.
Worst thing someone could do is delete that info, but it wouldn't matter if they did.
It's not even a requirement by law, that i have it all downloaded.

This is probably the worst advice that I have ever seen given in a thread like this. I have nothing to hide, therefore I don't need to protect myself. You understand that not everyone is looking for documents or other personal stuff of yours. Some are looking for wide open networks and systems so they can install malicious software that turns your computer into a zombie for the hackers and then they can do whatever they want with it and you don't even know it.

Personally I will stick with properly securing my wifi, routers, and computers to make it more difficult for anyone to even try. Especially since I do have important information on some of my systems that I really don't want anyone to get a hold of, like tax documents or other personal information that could be used to compromise my credit. As someone who has spend 25+ years in IT, security is very important. Always.

 

[OVERKILL]

Nice read. Thanks.

I don't know how many people would go through all that to get into my home network. I'm sure a dedicated hacker or someone targeting me but they would have to be in my driveway. Would be rare and not go unseen in my small neighborhood.

I'll just keep my router silent and my broadcast power low as a preference, I'm kinda paranoid private, and continue to use a secure password. Nice to know the possibilities though.

Would be more likely to be a neighbour's kid or something. For example, where I have my laptop situated, I can pickup around 30 networks, about 7 of them have the SSID's hidden. How long it takes to determine the SSID varies, depending on the frequency of the clients connecting/disconnecting, but it's not a lot of work to do it.

As I mentioned earlier in the thread, the best scenario involves using WPA3, but if you have a complex password that won't be in a word list, WPA2 is "fine".

 

[rijndael]

This is probably the worst advice that I have ever seen given in a thread like this.

So, somewhere <= Step 2

 

[Pew]

You can try, but not going to succeed.

Some people here must believe in their own mind, that they have so many extremely important things on their computer, that everyone wants them, and they're super important.

In reality if someone does gain access to the average person's computer, which is easily stopped, even while letting others use your wifi, it doesn't matter anyway.
I have absolutely nothing on my phone, tablets, computers, that is top secret. Even if someone wants to try and hack into my system, anything important like my banking app has its own password. My emails would put someone to sleep. If they access my pictures, they better like jetskis, jet boats, motorcycles, snowmobiles, semi trucks, old cars, my Saint Bernard, quads, and camping, because they won't find much else, and nothing that I wouldn't show my grandmother. Forums I belong to would bore most people, BITOG, Adventure rider, and mini jets, are the only 3 I'm on. When my drivers pull in they are to connect their company provided tablet, to the server that stores all drivers electronic logs, from that tablet. The tablet is connected all day to the trucks ELD. That server they download to is only for ELD information. The driver then brings in the tablet, and puts it on charge. Their next shift, they take it, put it back in any truck, and it reconnects with the truck its in. They check off that the pretrip is done, and start their day, everything is recorded to that tablet.
Worst thing someone could do is delete that info, but it wouldn't matter if they did.
It's not even a requirement by law, that i have it all downloaded.

There's other things they can do. For example, if you or any of your employees decide to login to your bank accounts, they can intercept the traffic. This also expands into any internet traffic like emails with SSNs, bank accounts, email accounts (which they can use to further spread.)

Having to do an audit after a cybersecurity attack is not fun either.

 

[rijndael]

For example, if you or any of your employees decide to login to your bank accounts, they can intercept the traffic. This also expands into any internet traffic like emails with SSNs, bank accounts, email accounts (which they can use to further spread.)

If the traffic originated from a wired connection, headed to a wired uplink port, a wireless client couldn't see it, unless they had a packet flooding issue. Wired traffic would be switched, not flooded.

If it was a wireless client originating the traffic, the traffic between the client and the server is still protected with https/TLS, so a wireless snooper could see the site they visited (TLS SNI and/or DNS) and some encrypted payload.

Data at rest on their PC or on a NAS, shared, is another story.

 

[wavinwayne]

Never found anyone on my wifi that didn't belong. Password is weird and not something anyone would guess at random.