How to go from wifi password to computer access
In looking at What can hackers do with a wifi password?, it is said:
Simply said, if someone has your Wifi password, they have full access to all connected computers and devices within your network. This can be used to do anything from copy data, monitor your usage, send data (typically virus or other sniffer program), watch you on your own webcam, play music on your computer, and a variety of other things.
This sounds like it means, if the wifi password is obtained, you can somehow end up directly running a program on someones laptop. I don't quite see the connection there though. Wondering if one can outline the pieces to make the connection.
My attempt at explaining how it might work... I'd imagine that first you would sniff the network traffic given that you are connected to the network. Not sure exactly how this works but it is said it's straightforward to inspect packets from connected devices on a network if you're on it too. Not sure what sort of security exists here. But given they are sniffing the traffic, I would guess they could monitor any passwords you send over the network. From there I guess if you use the same password on your computer as on the internet then they could type in the password on your computer remotely somehow. I am all guessing here, I don't see how it's possible. You would somehow have to inject something directly into the computer, which just seems backwards.
passwords network sniffer
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
add a comment |
In looking at What can hackers do with a wifi password?, it is said:
Simply said, if someone has your Wifi password, they have full access to all connected computers and devices within your network. This can be used to do anything from copy data, monitor your usage, send data (typically virus or other sniffer program), watch you on your own webcam, play music on your computer, and a variety of other things.
This sounds like it means, if the wifi password is obtained, you can somehow end up directly running a program on someones laptop. I don't quite see the connection there though. Wondering if one can outline the pieces to make the connection.
My attempt at explaining how it might work... I'd imagine that first you would sniff the network traffic given that you are connected to the network. Not sure exactly how this works but it is said it's straightforward to inspect packets from connected devices on a network if you're on it too. Not sure what sort of security exists here. But given they are sniffing the traffic, I would guess they could monitor any passwords you send over the network. From there I guess if you use the same password on your computer as on the internet then they could type in the password on your computer remotely somehow. I am all guessing here, I don't see how it's possible. You would somehow have to inject something directly into the computer, which just seems backwards.
passwords network sniffer
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
5
They are wrong.
– defalt
Dec 30 '18 at 16:29
add a comment |
In looking at What can hackers do with a wifi password?, it is said:
Simply said, if someone has your Wifi password, they have full access to all connected computers and devices within your network. This can be used to do anything from copy data, monitor your usage, send data (typically virus or other sniffer program), watch you on your own webcam, play music on your computer, and a variety of other things.
This sounds like it means, if the wifi password is obtained, you can somehow end up directly running a program on someones laptop. I don't quite see the connection there though. Wondering if one can outline the pieces to make the connection.
My attempt at explaining how it might work... I'd imagine that first you would sniff the network traffic given that you are connected to the network. Not sure exactly how this works but it is said it's straightforward to inspect packets from connected devices on a network if you're on it too. Not sure what sort of security exists here. But given they are sniffing the traffic, I would guess they could monitor any passwords you send over the network. From there I guess if you use the same password on your computer as on the internet then they could type in the password on your computer remotely somehow. I am all guessing here, I don't see how it's possible. You would somehow have to inject something directly into the computer, which just seems backwards.
passwords network sniffer
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
In looking at What can hackers do with a wifi password?, it is said:
Simply said, if someone has your Wifi password, they have full access to all connected computers and devices within your network. This can be used to do anything from copy data, monitor your usage, send data (typically virus or other sniffer program), watch you on your own webcam, play music on your computer, and a variety of other things.
This sounds like it means, if the wifi password is obtained, you can somehow end up directly running a program on someones laptop. I don't quite see the connection there though. Wondering if one can outline the pieces to make the connection.
My attempt at explaining how it might work... I'd imagine that first you would sniff the network traffic given that you are connected to the network. Not sure exactly how this works but it is said it's straightforward to inspect packets from connected devices on a network if you're on it too. Not sure what sort of security exists here. But given they are sniffing the traffic, I would guess they could monitor any passwords you send over the network. From there I guess if you use the same password on your computer as on the internet then they could type in the password on your computer remotely somehow. I am all guessing here, I don't see how it's possible. You would somehow have to inject something directly into the computer, which just seems backwards.
passwords network sniffer
passwords network sniffer
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
asked Dec 30 '18 at 16:24
Lance PollardLance Pollard
228213
228213
5
They are wrong.
– defalt
Dec 30 '18 at 16:29
add a comment |
5
They are wrong.
– defalt
Dec 30 '18 at 16:29
5
5
They are wrong.
– defalt
Dec 30 '18 at 16:29
They are wrong.
– defalt
Dec 30 '18 at 16:29
add a comment |
1 Answer
1
active
oldest
votes
You're mostly right - and indeed, as default commented, "they" are wrong.
What you might do if you had access to the wifi access point would be to lie to the connected devices and turn something they're doing into a point of entry.
For example you might wait until some specific Web request is made to some very common resources (for instance, the jQuery library scripts on a CDN). Then, provided there wasn't any extra security on the call or on the resource (smart sites employ both), you would "tell" the browser that the site hosting the resource is not the real site, but another that you control. The jQuery library there is a modification of the real one, that also performs several tests in search of vulnerabilities.
It could try and download a corrupt PDF file, or a malicious Windows Shell script, and so on.
If one of the exploits is viable, bam!, you own the target machine.
Otherwise, there are still things that can be done even with a limited access - a very common one is try and "enrich" the connected browsers with crypto-mining scripts, stealing some computing power and electricity to run the calculations required to "create" crypto-coins which are then sent to the attacker.
Also, several resources inside the network are often not protected at all (NAS backups, DLNA players, or even computer shares). The data on those is therefore free for the taking.
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200577%2fhow-to-go-from-wifi-password-to-computer-access%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You're mostly right - and indeed, as default commented, "they" are wrong.
What you might do if you had access to the wifi access point would be to lie to the connected devices and turn something they're doing into a point of entry.
For example you might wait until some specific Web request is made to some very common resources (for instance, the jQuery library scripts on a CDN). Then, provided there wasn't any extra security on the call or on the resource (smart sites employ both), you would "tell" the browser that the site hosting the resource is not the real site, but another that you control. The jQuery library there is a modification of the real one, that also performs several tests in search of vulnerabilities.
It could try and download a corrupt PDF file, or a malicious Windows Shell script, and so on.
If one of the exploits is viable, bam!, you own the target machine.
Otherwise, there are still things that can be done even with a limited access - a very common one is try and "enrich" the connected browsers with crypto-mining scripts, stealing some computing power and electricity to run the calculations required to "create" crypto-coins which are then sent to the attacker.
Also, several resources inside the network are often not protected at all (NAS backups, DLNA players, or even computer shares). The data on those is therefore free for the taking.
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
add a comment |
You're mostly right - and indeed, as default commented, "they" are wrong.
What you might do if you had access to the wifi access point would be to lie to the connected devices and turn something they're doing into a point of entry.
For example you might wait until some specific Web request is made to some very common resources (for instance, the jQuery library scripts on a CDN). Then, provided there wasn't any extra security on the call or on the resource (smart sites employ both), you would "tell" the browser that the site hosting the resource is not the real site, but another that you control. The jQuery library there is a modification of the real one, that also performs several tests in search of vulnerabilities.
It could try and download a corrupt PDF file, or a malicious Windows Shell script, and so on.
If one of the exploits is viable, bam!, you own the target machine.
Otherwise, there are still things that can be done even with a limited access - a very common one is try and "enrich" the connected browsers with crypto-mining scripts, stealing some computing power and electricity to run the calculations required to "create" crypto-coins which are then sent to the attacker.
Also, several resources inside the network are often not protected at all (NAS backups, DLNA players, or even computer shares). The data on those is therefore free for the taking.
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
add a comment |
You're mostly right - and indeed, as default commented, "they" are wrong.
What you might do if you had access to the wifi access point would be to lie to the connected devices and turn something they're doing into a point of entry.
For example you might wait until some specific Web request is made to some very common resources (for instance, the jQuery library scripts on a CDN). Then, provided there wasn't any extra security on the call or on the resource (smart sites employ both), you would "tell" the browser that the site hosting the resource is not the real site, but another that you control. The jQuery library there is a modification of the real one, that also performs several tests in search of vulnerabilities.
It could try and download a corrupt PDF file, or a malicious Windows Shell script, and so on.
If one of the exploits is viable, bam!, you own the target machine.
Otherwise, there are still things that can be done even with a limited access - a very common one is try and "enrich" the connected browsers with crypto-mining scripts, stealing some computing power and electricity to run the calculations required to "create" crypto-coins which are then sent to the attacker.
Also, several resources inside the network are often not protected at all (NAS backups, DLNA players, or even computer shares). The data on those is therefore free for the taking.
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
You're mostly right - and indeed, as default commented, "they" are wrong.
What you might do if you had access to the wifi access point would be to lie to the connected devices and turn something they're doing into a point of entry.
For example you might wait until some specific Web request is made to some very common resources (for instance, the jQuery library scripts on a CDN). Then, provided there wasn't any extra security on the call or on the resource (smart sites employ both), you would "tell" the browser that the site hosting the resource is not the real site, but another that you control. The jQuery library there is a modification of the real one, that also performs several tests in search of vulnerabilities.
It could try and download a corrupt PDF file, or a malicious Windows Shell script, and so on.
If one of the exploits is viable, bam!, you own the target machine.
Otherwise, there are still things that can be done even with a limited access - a very common one is try and "enrich" the connected browsers with crypto-mining scripts, stealing some computing power and electricity to run the calculations required to "create" crypto-coins which are then sent to the attacker.
Also, several resources inside the network are often not protected at all (NAS backups, DLNA players, or even computer shares). The data on those is therefore free for the taking.
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
answered Dec 30 '18 at 17:42
LSerniLSerni
18.1k34048
18.1k34048
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200577%2fhow-to-go-from-wifi-password-to-computer-access%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
5
They are wrong.
– defalt
Dec 30 '18 at 16:29