can you recommend any (opensource or trusted) android apps to check who’s using your wifi? or any cmd prompt code to search on the desktop?

a small doubt: can anyone hack your computer through WiFi? If so, How to prevent that (or) How to take measures after you think you been hacked?

  • anamethatisnt@lemmy.world
    link
    fedilink
    arrow-up
    42
    ·
    edit-2
    1 year ago

    Login to your router or wireless access point and check what devices are connected. Then setup mac adress filtering to improve your security, if you can be bothered to have to add your devices mac adresses manually.

    mac adresses are easily spoofed though, so it isn’t foolproof.

    • deergon@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      3
      ·
      1 year ago

      Also note that mac addresses can change automatically on iOS, because of the Private Wifi Address feature

  • sokkies@lemmyrs.org
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    Just log into your routers admin panel and see if there are any online devices online that arent yours? That would be my goto because then you can just block them from the panel?

    otherwise via linux cli you can do arp-scan and youll see online devices in your subnet. Theres also a few options to scan different interfaces

  • Boring@lemmy.ml
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    Checking the router is probably the only way to see if someone is active on your network.

    Can anybody hack your computer? No. Most people only know how to run scripts that are known and patched in most operating systems.

    There are skilled people who may be able to create an exploit or find a vulnerability in your computer, but they will mostly target businesses or people they know will be worth it to hack, so most likely they won’t bother you.

    Generally if your on your own WiFi, having a WPA-2+ personal password is enough, but the more paranoid may have an IDS/IPS on their home network.

    If your out and about, I’d personally use a VPN. I don’t like public ones and like to recommend setting one up on your home WiFi instead.

    If you think you’ve been hacked… change your passwords and run virus scans. If you still don’t feel safe, backup your data and reinstall your operating system.

  • slazer2au@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Your best bet is to log into your modem and look at the ARP table to see what devices have recently talked on your network, and look at your DHCP pool to see what devices are currently assigned addresses.

    can anyone hack your computer through WiFi?

    Yes-ish. If you are running out of date installations or have weak user passwords on your PC then a remote compromise can happen.

    If you think someone has compromised your wifi, first thing is to change your wifi password and router password. 12 characters including uppercase lowercase letters, numbers and symbols.

    • Observer1199@lemmy.ml
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      Just a slight correction - the old recommendation of using random chars, numbers, and symbols is no longer best practice as it causes more issues than it solves. New best practice is use long passphrase with minimum 16 characters but I’d recommend minimum 24 for future proofing. That sounds like a lot but “mary-had-a-little-lamb” is 22 chars and not hard to remember or type. Obviously don’t use exactly that password (since it’s mine & passwords should be unique 😉)

        • Observer1199@lemmy.ml
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Rule 41 of the internet - there’s always a relevant XKCD comic.

          I’m not sure that the maths in it is correct - I know there’s some criticism of that in particular example but I think it holds up as long as you make it long enough and don’t just use common short words or common phrases. Its also bad if there’s a pattern to your passphrases e.g. only using colours, or sports team mascots, or all words of the same length, etc

          And where possible use MFA (unless it’s SMS based, then I wouldn’t bother - I suspect when businesses offer that they just want to collect your phone number and don’t care about security).

          • slazer2au@lemmy.world
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            1 year ago

            It is weak to dictionary attacks far less then a random string is. Each method has advantages and disadvantages.

            • 𝕸𝖔𝖘𝖘@infosec.pub
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Kind of, yes. If they use special characters and numbers, too, dictionary attacks would be far less useful. In the XKCD example above, something like this (Correct@Horse&BatteryStaple8) will be much harder with a dictionary attack. Definitely not impossible, though. Nothing is 100%.

              I used to install and use foreign keyboard languages, but found it nearly impossible to use in some instances (bank sites, older iPhones versions, and so on).

  • Mikelius@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    I forward all router logs to a syslog server which then parses and alerts me of “unknown Mac addresses” joining the network as soon as even one log shows up. If you have a syslog server and some way to index/parse those logs, that’s one way to do it

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Couldn’t you just monitor your WiFi at the router level?

    Anyway you can use nmap to scan your entire network to find all connected devices. Its not foolproof but its a start

  • neosheo@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    You can use arpwatch. It reports new mac addresses on a given network interface.

    Here’s my setup. I have a raspberry pi running pihole and unbound. I set that raspberry pi as my primary dns on my router. Now in order to use the internet all devices will make dns queries over wifi (you can use a wired pi as well) to the pi which means it will also see all devices using your wifi and notify you when a new one shows up or if an ip changes mac addresses.

    Keep in mind these notifications use smtp (email) and you most likely need a mail server to receive them.

    I have a matrix server on my network that has postmoogle (email bridge) that can receive the emails from arpwatch and send them to me as a matrix message

  • Monkey With A Shell@lemmy.socdojo.com
    link
    fedilink
    arrow-up
    3
    arrow-down
    5
    ·
    1 year ago

    WiFi is really no less secure than wired aside from being harder to keep people from having physical access, and since most home users don’t use any kind of connectivity protection on wired ports it might even be seen as more secure.

    • Coreidan@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Huh? You have to break into my house to get on my LAN and that’s the case for 99% of people. You don’t need to do that with wifi. There is no realm where wired is less secure than wifi.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Not necessarily. If you have an off the shelf home network, and you have a vulnerable device (smart toaster, smart light bulb, IP camera, unpatched laptop, old iPhone or Android version, unpatched router, etc.), wired or wireless doesn’t make much of a difference. Once one device on your network is compromised, the entire network is compromised. I don’t have to be near you to get that done. Shoot, I don’t even have to be in the same country to get that done. I would say, due to the proximity rule, wifi is less secure since it takes less effort, but only in terms of that one rule.

        E: added a couple more examples of common vulnerable devices.

      • Monkey With A Shell@lemmy.socdojo.com
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        That’s the point of mentioning the physical access. Yes it’s easier to get at ‘physically’ in that it allows you to reach it through walls, but, if physical access WAS obtained what protections do you have in place for a lan jack? It’s possible to use 802.1x auth or such but for most home users it’s just a case of plug in a cable and you’re part of the network.

        • Coreidan@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Again someone is going to have to break into your house to accomplish this. You have much bigger problems if that happens.

          The more realistic approach would be people sitting outside of your house trying to brute force your wireless password, which only works on networks with default or weak passwords.

          The odds of someone breaking into your house to use your net are virtually zero. On the other hand people sitting in their cars to high jack wireless happen all the time. Anyone can do it they just need to be in proximity to your house and you’ll never know it’s happening.

          • Monkey With A Shell@lemmy.socdojo.com
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            https://shop.hak5.org/products/lan-turtle

            Assume physical access, someone walks in and has 5 minutes out of sight. A decent wpa2 password would take an extraordinary long time to brute force. Something like above gets deployed and allows remote access in seconds on an unprotected lan. As noted in another comment sketchy IOT gear is a threat people install willingly. The old test of leaving a loaded USB in the parking lot catches more people than is reasonable. Don’t assume a physical door is going to stop someone more than a proper technical barrier.