Is it possible to gain control of Mobile phone or laptop which is connected to WIFI ?

[troubled soul]

Hello....

First Sorry for Ignorance If I mention something wrong. I am newbie.

My question is If someone is using my wifi....Is it possible to monitor or take control of that Device (i.e. Mobile phone or laptop..)

Is it possible ?

Is any simple method or software for this ?

Thanks

 

[Sols]

As a rule of thumb, anything can be hacked. It's just a question of what‌ weaknesses there are to exploit and how good your opponent is. If you follow good‍ security practices (good and unique passwords, 2FA where possible, updates, malware/virus scanners, network security, don't⁠ install sketchy apps, use different devices for different purposes), you're not going to be easy⁤ enough of a target for someone to go after unless they're very dedicated.

Are you⁣ feeling OK? Your threads seem to be getting more and more paranoid. It's good to⁢ take a step back sometimes... Get perspective, and reassess the situation.

 

[Meta]

My domain of knowledge. @Sols is generally right saying that everything can be hacked, but‌ you should not consider using a Wi-Fi a security threat. There is no tool that‍ a newbie may download, click a button and gain some control over other users in⁠ that Wi-Fi network. Regarding "monitor": you often can see other's traffic, but mostly it's encrypted⁤ https nowadays.

If we are not talking about three-letters agencies or really determined hacker groups⁣ (who are willing to put time and money in research, not one-click solutions) using Wi-Fi⁢ is fine =)

If somebody is using your Wi-Fi and you don't like that the︀ best way of action is to change password =) Cheers.

 

[myhand]

You got some good advise here. Strong passwords and 2FA will make it a much‌ safer environment for you to use wifi.

 

[troubled soul]

Thanks for all reply...
I think I can not pass my question properly....I am asking‌ about

" if you (Person A) have an existing Wi-Fi network that you control and‍ then someone else (Person B) connects to your Wi-Fi network, can you take over Person⁠ B's device. "​

Like If any person is connected with my Wi-Fi....Can I spy⁤ on them ?
@Sols
Yes I am alright....Thanks for your concern....seems My Bad English is⁣ the main culprit.....I was asking about spying on people who connected to my Wi-Fi....I am⁢ not worry about If someone can spy on me ......
Do anyone know any software︀ or service that help me on this ?

 

[Sols]

"Taking over" a device requires some⁣ form of software to take over the device. A hacker would have to install (or⁢ trick you into installing) a piece of software that they can then use to connect︀ to your device. This by itself does not depend on whether you use wifi or︁ not.

@Meta can correct me if I'm wrong, but I think other devices on a︂ wifi network may have access to exploits that you don't have when you are not︃ on the same LAN/WLAN. E.g., some applications may be less suspicious of a connection request︄ coming from a local network IP vs an external IP from the internet.

I was concerned because I've seen other people start asking more︇ and more questions like this , and sometimes it's a mental health issue. Glad you're︈ OK.

Yes and no.

It is possible to in some circumstances to intercept and sniff unencrypted︋ internet traffic. That's one of the reasons nearly every website nowadays uses HTTPS. If you︌ go back 5–10 years, HTTPS wasn't at all as common. It was seen as expensive︍ and burdensome. Something only banks and such services use. But today even websites like this︎ forum uses HTTPS.

Most browsers default to HTTPS now and will warn if you try️ to go to a non-HTTPS website, but you can use a plugin like HTTPS Everywhere‌ (HTTPS Everywhere) as an extra layer.

Default settings in⁠ modern operating systems are good enough in most cases.

In addition to that, use good⁤ firewall rules, passwords (all your devices, including your wifi router), antivirus, 2FA where supported, automatically⁣ lock your device after inactivity, and so on is the best you can reasonably do.⁢

You can also take steps to reduce risk of someone accessing your wifi. A good︀ password is enough in most cases, but many routers have functionality for only allowing certain︁ devices to connect. Once you have whitelisted all of your own devices, you can block︂ anyone else from connecting even if they know the password. If you have guests that︃ need wifi, set up a guest network for them (disable/change password when guests leave).

 

[JohnnyDoe]

I don't trust my tv, fridge and dishwasher. I asked Alexa to keep an eye on them. She refused ca#"!

Toggle signature

@JohnnyDoe ”“ Your #1 Source for Guidance in Different Offshore Fields​

 

[Meta]

If you want to do it I guess the easiest way is WiFi Pineapple, that's the︁ name of the product =) But it is still far from one-click solution. Take a︂ look here: WiFi Pineapple If the video on that page looks confusing, maybe just change︃ the Wi-Fi password and leave it there. If it looks clear and you want to︄ have some fun, well, order the thing, but don't expect great results. @Sols is absolutely︅ right saying that you may have more access when you are on the same LAN,︆ but nowadays most devices are secure enough to be protected from that. You will know︇ which websites they visit but will not know exact URLs. No passwords most likely.

 

[Cavaliere]

WiFi Pineapple is archaic and uses python2. What you are looking for is very much‌ doable, and there are tons of different ways to go about it. If I were‍ to hypothetically write a book about someone gaining access to a device

Arp cache poisoning:⁠

The best method would be to poison the ARP cache, performing a MiTM (man in⁤ the middle) attack combined with DNS poisoning. This way when the user types ie google.com,⁣ you respond with your own website. The user will see google.com on their machine, but⁢ a website your are hosting yourself. Then the next step is to gain a foothold︀ by directing the user to a website he is likely to visit and download something︁ from. You can see which website a user visits but not the data cause it's︂ encrypted.

You pick some nice malware for user to download, and at that point you︃ will have full control over everything.

This is just one method and pretty easy, you︄ can also scan the ports of the user device and see if a vulnerable service︅ is running there to gain a foothold. Or maybe an old Windows version etc.

Dns poisoning is basically how the China firewall works. They make sure only approved websites can︆ be viewed within China.

I would also NEVER use a Chinese made device nor download︇ Chinese software / apps on the device since a lot of them are backdoor-ed. Just︈ today a major Chinese e-commerce app turned out to be backdoored. US-made device have backdoors︉ too but there is a lot more backlash from the public in the US about︊ privacy invasion. Apple for example is quite serious about privacy (not really) in PR, and︋ the way Musk is anti-government would lead to immediate incarceration in China.

I personally use︌ Huawei laptops though, it depends on your threat-model. I would also use Huawei phone but︍ not for crypto. I would NEVER use a Chinese router, routers are extremely dangerous if︎ invaded by an advanced attacker for the reasons above. You can play for almost god.️

The same DNS spoofing method can be done far higher up the hierarchy and exploited‌ in a maddening amount of ways. If you live in a nation that does not‍ have strong controls on their secret service you must assume they can gain access to⁠ your devices whenever they want if the costs warrant it. This used to be a⁤ small problem only, cause many countries had poorly trained secret service, but these days any⁣ idiot can buy top-notch nation-state-grade tools from for example Israeli firms.

Examples:

1. Fog Reveal⁢ - Wikipedia
2. The UK Government Knows How Extreme The Online Safety Bill Is
3. EFF Urges Appeals Court to Re-hear Case over Trump’s X Account
4. Proposed UN Cybercrime︀ Treaty Threatens to be an Expansive Global Surveillance Pact - THIS IS UN LEVEL SURVEILLANCE︁

: Despite repeated civil society objections, the zero draft of the Convention is looking less︂ like a cybercrime treaty and more like an expansive global surveillance pact.

China Examples:

1. https://grizzlyreports.com/we-belie...nt-security-threat-to-u-s-national-interests/
2. China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies
3. https://www.cnn.com/2023/04/02/tech...re-cybersecurity-analysis-intl-hnk/index.html
4. Chinese hackers exploited years-old software flaws to break into telecom giants

https://www.bloomberg.com/quote/16667Z:US
Also never forget the US stopped tax evasion in Switzerland from US persons by basically planting︃ malware in the entire internet infrastructure of Europe to uncover the names of Americans with︄ accounts. The United States Government's Pursuit of Swiss Banks who Assist American Tax Evaders

MAC address is incredibly easily spoofed, and actually exactly how handshake capture︊ attack occurs.

There is Routersploit, easiest way to get started it︌ to get a router and install OpenWRT, Pineapple is basically this. But you need to︍ be a technical person to perform an attack, Pineapple is a fun tool but more︎ for the hobbyist.

Current Windows is still exploitable through bootloader attack ie. BlackLotus.‌ Windows and Linux are not safe operating system, best is to use Qubes OS on‍ a Chinese-made laptop imo. Depending on threat model of course.

This is true, long password is hard⁤ to crack. New model of router + good password will keep most people out.

 

[Sols]

If your threats include someone spoofing the MAC address from one‍ of your other devices, you're in a very different situation that requires different security protocols.⁠ The reality is that MAC filtering is good enough for most people in most cases⁤ who just want to keep unwanted/unapproved devices from their network.

 

[daxbr]

textfree, if you port number with added advantage of free service.

 

[Delight]

there is a way to intercept traffic between the targeted client and router but ofc it︁ will be encrypted. Youll have a better chance at Social engineering the person for example︂ what you can do is use a program like Evil Limiter and stop their use︃ on the wifi network, if you are the owner of the router they will likely︄ come to you to mention the issue and all you can say is oh my︅ internet provider says it is necessary to install their program to use the wifi but︆ instead you will install a remote access trojan.

I guess the simple answer to your︇ question is use a RAT that is compatible with the person's device and find a︈ clever way to get them to install the malware. If you use a VPS you︉ can track whatever the person is doing anywhere they go.