Wi-Fi hacking in recycled printers, computers and smart-home equipment | Kaspersky official blog
Credit to Author: Stan Kaminsky| Date: Wed, 09 Aug 2023 09:10:17 +0000
When you throw away or sell an old computer or phone, you probably remember to delete photos, messages and other personal stuff. But there’s another kind of personal data that (almost) no one thinks about — and it needs to be erased not only from phones, but also from watches, printers and other smart devices — even your fridge. These are the settings for connecting to your Wi-Fi network.
The danger of leaky Wi-Fi access
Accessing someone else’s Wi-Fi network has commercial value. The simplest and most innocent (albeit naughty) form is using a neighbor’s connection. Far less innocent is data theft: in a home or office network, devices usually trust each other, so connecting to someone else’s Wi-Fi makes it easy to steal photos and documents from other network devices.
Even worse is when a Wi-Fi network is infiltrated for illegal activity, such as spamming or DDoS attacks. Exploiting a discovered Wi-Fi network just once, an attacker can hack a device on it (the router itself, home network-attached storage (NAS), a video surveillance camera, or any other easily hackable devices) — and then use it as a proxy server, without further recourse to Wi-Fi “services”. Such proxies operating from home networks are in steady demand from cybercriminals. Of course, the owner of the hacked device bears the brunt: their internet is slower; their IP address lands in various denylists; and, in rare cases, they might get blocked by the ISP or even get a police visit.
As for printers, cameras and other devices on an office network, their Wi-Fi settings can be used to attack the company in question. This attack vector is great for hackers, because in many companies cybersecurity is set up to protect against threats from the internet, while office devices — especially printers — are paid little attention. By connecting to the Wi-Fi network, attackers can easily carry out data theft and/or ransomware attacks.
How Wi-Fi settings get stolen
Most devices store Wi-Fi network information in unprotected form, making it child’s play to retrieve it from a discarded or sold-on gadget. It’s also not hard to find out who previously owned it:
- If you sold it, the buyer knows it came from you;
- If you decided to recycle the device, it’s possible you left your contact details when turning it in;
- If you threw it away, most likely it was somewhere very close to where you used the device.
A bad factory reset also leaves behind many clues: the device name often points to the owner (Alex’s iPhone 8), and the Wi-Fi network name — to their address or employer (TheBensonsHouse, Volcano_Coffee_staff).
Such pointers make your Wi-Fi network easy to locate, and the password for it is right there in the device memory. For added credibility, attackers can connect to your network by spoofing the MAC address of the discarded device.
How to guard against Wi-Fi leaks
Reset and wipe. The most obvious security measure is to wipe the settings from all devices before parting with them. For laptops and computers, it’s recommended to physically format the drive; for other equipment, we advise a full factory reset with deletion of all data. After resetting, go to the network settings and make sure that everything’s really gone — then do another reset to make doubly sure. Unfortunately, the quality of factory resets varies depending on the device and the manufacturer, and there’s no cast-iron guarantee that a reset really does delete everything. For example, Canon recently reported an issue in 200 printer models in which the reset failed to clear the Wi-Fi settings. Canon’s advisory explains that a double reset is required, but for many other devices there’s simply no reliable way to clear the network settings.
Changing the Wi-Fi settings. This method is fiddly, but reliable and not too difficult technically. After getting rid of a device, change your Wi-Fi network password and update the settings on all your other devices. The fewer devices you have, the less trouble, of course. Always use strong, long passwords. And when you change one, generate a password randomly rather than just adding a number or letter at the end. Kaspersky Password Manager, included in a Kaspersky Premium subscription, will help you do this. In the Wi-Fi settings, select WPA2 or WPA3 encryption.
Strict access control. Every Wi-Fi-connected device has its own network access rights. For office and well-configured home networks, managing Wi-Fi access rights at the device level will help — your Wi-Fi router must support these settings. Configure your router so that any unknown or newly connected device is completely isolated and prohibited from accessing the internet or any device on your home network until you explicitly allow it to do so. When discarding or selling a device, be sure to isolate it in the router settings — not just remove it from the list. Then, even if attackers try to connect to the router through stolen credentials, no access will be granted.
A simple option for Wi-Fi access control. For those who find the previous method a bit too complicated, we recommend our smart home security guide, which takes a detailed look at how to properly configure home Wi-Fi and segment it for different categories of devices: computers, smartphones, smart home gadgets, and guest devices. To protect your home Wi-Fi from outsiders, we recommend the Devices on My Network feature in Kaspersky Premium. At first launch, the feature automatically maps your home network and identifies the name and type of each device, after which it continuously monitors the network for the appearance of “strangers” and warns you if a new unknown device pops up. If something in the list looks out of place, you can investigate and take action: from changing your Wi-Fi password to disabling unknown devices. And Kaspersky Premium will guide you through the process.
https://blog.kaspersky.com/feed/