Hitron Modem Wi-Fi Compromised

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
I Plan to Stick Around
Posts: 17

Hitron Modem Wi-Fi Compromised

This morning my Wi-Fi network was renamed and my passphrase had been changed. The passphrase I used was actually an alphanumeric string and 63 characters long. I have AES encryption and WPA2 mode enabled.

 

With such a long passphrase, it is hard to imagine someone brute forcing it. 

 

Is there anything else I can do to harden this network/router settings and also maybe see where the compromise happened?

 

*Edited Labels*

Resident Expert
Resident Expert
Posts: 6,145

Re: Hitron Modem Wi-Fi Compromised

You should also ensure that WPS is disabled in both the 2.4 and 5 Ghz tabs.  WPS is not secure.

 

Disable UPNP if you don't need it, or use it to set gaming or application port forwarding:  BASIC .... GATEWAY FUNCTION .... UPNP --> Disabled.

 

I would also reset the wifi password to a different alphanumeric string.  It will be a pain to reenter that into something like a mobile phone or ipod/ipad, but, usually you don't expect to change that very often.  Fwiw, as one normally doesn't have to enter the wifi network name, fill that with some alphanumeric string as well.  The combination of random alphanumeric strings in both the network name and passphrase will prevent anyone from using pre-computed lookup tables which are available on the internet and used for wifi network hacking. 

 

If you don't want to generate the strings manually, you can use the following GRC page to do that:

 

https://www.grc.com/passwords.htm

 

Each page refresh will result in new passphrases. 

 

You could also turn off the SSID broadcast, so that the network name isn't observable with ordinary applications.  From what I remember reading, that doesn't make it more secure, just more of a challenge for anyone to determine what it is.  Anyone running a Linux laptop with the wifi in promiscuous mode should be able to determine what it is.  The one problem with this is the possibility that Apple devices won't be able to use the wifi network.  Previous Apple devices would not run on a hidden SSID network.  Maybe that's changed?? Don't know.....



I Plan to Stick Around
Posts: 17

Re: Hitron Modem Wi-Fi Compromised

I had UPNP and WPS already disabled, which are typically the most insecure settings. Just changed all the passphrases (the GRC page is actually where I got the original ones I was using).

 

Wonder how this happened? Likely some sort of man-in-the-middle attack via some sniffer software?

I Plan to Stick Around
Posts: 64

Re: Hitron Modem Wi-Fi Compromised


@Datalink wrote:

You should also ensure that WPS is disabled in both the 2.4 and 5 Ghz tabs.  WPS is not secure.

 

Disable UPNP if you don't need it, or use it to set gaming or application port forwarding:  BASIC .... GATEWAY FUNCTION .... UPNP --> Disabled.

 

I would also reset the wifi password to a different alphanumeric string.  It will be a pain to reenter that into something like a mobile phone or ipod/ipad, but, usually you don't expect to change that very often.  Fwiw, as one normally doesn't have to enter the wifi network name, fill that with some alphanumeric string as well.  The combination of random alphanumeric strings in both the network name and passphrase will prevent anyone from using pre-computed lookup tables which are available on the internet and used for wifi network hacking. 

 

If you don't want to generate the strings manually, you can use the following GRC page to do that:

 

https://www.grc.com/passwords.htm

 

Each page refresh will result in new passphrases. 

 

You could also turn off the SSID broadcast, so that the network name isn't observable with ordinary applications.  From what I remember reading, that doesn't make it more secure, just more of a challenge for anyone to determine what it is.  Anyone running a Linux laptop with the wifi in promiscuous mode should be able to determine what it is.  The one problem with this is the possibility that Apple devices won't be able to use the wifi network.  Previous Apple devices would not run on a hidden SSID network.  Maybe that's changed?? Don't know.....


I'm glad I came across this post as I was unaware of the WPS setting and it not being secure. 
What's the issue with it and why is it available if there are security issues? 
Just curious

Thanks 🙂

Highlighted
Resident Expert
Resident Expert
Posts: 6,145

Re: Hitron Modem Wi-Fi Compromised

There are a number of issues with WPS:

 

1.  The WPS key is 8 digits long, with the 8th digit being a checksum of the previous digits, so, any attacker only has to solve 7 digits.

2.  From what I remember reading, some or all WPS systems respond to a WPS attempt, which is incorrect, by sending out one half of the key, so, anyone attempting to crack the key only has to solve 4 digits.

3.  A good number of routers/modems don't limit the number of attempts that a user, or attacker can try, in order to connect to the device.  That lets an attacker run continuous attempts to solve those 4 or 7 digits whichever is applicable.  If the router/modems limited the number of attempts to say, 2 attempts within 5 min, followed by a one hour lockout, or longer, then it would take several more hours to crack a WPS key.  It wouldn't make the key any more secure, just force an attacker to spend several more hours, if not days to recover the key. 

4.  The WPS key, in a good number of cases is built on unsecure data, which can be recovered during an attack, making the attack much simpler.

5.  The WPS as a whole might have been secure, to some degree, on the very day that it was approved, but, like anything else, it wasn't long before hackers determined the weakness in the WPS design and developed tools to attack WPS keys.  A WPS attack is trivial now with the right tools (hacking applications).

6.  Cracking the WPS key allows the attacker to recover wifi passphrase very easily, allowing full access to the router or modem.  In the case of the current Rogers modem password and wifi passphrase, I highly recommend using different passwords/passphrases.  This requires the user to log into the modem after it has been setup in order to change one or the other or both.  Enabling WPS and keeping both modem password and wifi passphrase as the same character string would allow an attacker to gain full access to the modem.  The same would apply to a router with the same router password / wifi passphrase.  

7.  there are variations on a theme depending on the modem/router manufacturer.  Personal opinion, I'd love to see WPS removed from modems and routers, forcing users to use passwords and passphrases that would hopefully be more secure. 

 

You can run a search for this by using something like  WPS not secure  as a search term.  Here's a couple of links from that search:

 

https://nakedsecurity.sophos.com/2015/04/13/we-told-you-not-to-use-wps-on-your-wi-fi-router-we-told-...

 

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

 

Fwiw, the commonly used WPA2 encryption isn't secure either, but, its much tougher to crack if you use completely random SSIDs and Passphrases. 

 

https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-...

 

The advent of Graphics Processors, used in video cards has made it much simpler to crack wifi keys, simply due to the horsepower that the GPUs provide.  WPA3 was released for use in June 2018, and that should start rolling out over the next year via firmware updates to routers and modems.  Like anything else, its probably a matter of time before someone finds a hole in the design, or applies enough computing power to crack a WPA3 key.

 

Here's a search for WPA3 links:

 

https://www.google.ca/search?q=wpa3+certified+routers&rlz=1C1PRFI_enCA774CA774&oq=WPA3+&aqs=chrome.4...

 

Current Wifi Alliance certified WPA3 products can be seen here:

 

https://www.wi-fi.org/product-finder-results?sort_by=default&sort_order=desc&capabilities=16&keyword...

 

 

 

 



I Plan to Stick Around
Posts: 17

Re: Hitron Modem Wi-Fi Compromised

Thanks for the reply! 

 

I thought of something else in this time - it could also be possible that rogue or compromised mobile apps could sniff wifi passwords and send the credentials to hackers. This seems a more plausible attack vector than someone say using some brute force application and wifi sniffer.

 

My passphrase after this is 60 characters long. But that might not protect me from a mobile app as a "man in the middle" attack.

I Plan to Stick Around
Posts: 64

Re: Hitron Modem Wi-Fi Compromised

WOW!!! thank you.
I read that first link you shared before posting here. Good info.
My question now is, does this mean that a wifi extender is not worth the risk?
Resident Expert
Resident Expert
Posts: 6,145

Re: Hitron Modem Wi-Fi Compromised

Not at all.  I suspect that extenders will arrive with their own wifi passphrase which would let you log into the extender in order to set it's settings.  So, you shouldn't have to use WPS at all.  First step would be to log into the extender and set an interim passphrase.  Restart the extender and then log into it again to set the final parameters, including the real wifi passphrase and any other settings that might be applicable.  If you check the manufacturer's web site for any extender that you might be interested in, download the user manual and take a look at the setup procedure.  Determine if you can log into the extender using its default wifi passphrase.  If so, that would be ok to buy.  If the only way to use the extender requires WPS constantly enabled on the main router, then you might decide to keep looking.  It all depends on what you find. 

 

Edit:  One additional check you can run with the extender is to use a wifi scanner to check for any indication of active WPS.  If you have disabled WPS on the main modem/router, then when you look at your network with a wifi scanner, you should not see any indication of WPS being enabled.  If you then move to the area of the home where you're connected via the extender, you should not see any indication of an active WPS, assuming of course that you have disabled WPS in the extender.  Its worth checking it just to ensure that the extender user interface works as advertised. 

 

Here's a couple of scanners you can use:

 

inSSIDer Lite:  Requires a freebie account set up to use it.  Follow the bouncing ball, so to speak on the download to set up a freebie account:

 

https://www.metageek.com/products/inssider/free/?utm_source=MetaGeek+Customers&utm_campaign=d4c1da8a...

 

Lizard Systems wifi scanner:

 

https://lizardsystems.com/wi-fi-scanner/

 

A freebie home user licence can be obtained by using the Get Licence link for the Wifi Scanner on the following page:

 

https://lizardsystems.com/purchase/

 

Acrylic wifi scanner which is also free:

 

https://www.acrylicwifi.com/en/

 

If you load any of those, you can look at the details provided to check for active WPS running on your network.  Its very common to see Rogers modems with WPS running across the neighborhood 😞