Welcome to the community! Read our posting tips, and learn how to earn ranks, levels and badges to get started.

Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.


Happy posting!

Is my Fingbox supposed to have an Atheros AR9271 chip soldered in?

DaveH2ODaveH2O Member Posts: 3
First Comment Photogenic
in Devices & Security

My kids and I have been dealing with increasingly destructive electronic harassment for the past two months in the form of repeated deauth attacks, malware getting onto our systems, router getting taken over and personal accounts being hacked. This was why I invested in not one, but two Fingboxes two years ago. My whole network is down again, and I had to open one of the Fingboxes to do a factory reset (my router reported 16 clients connected through it) and I found this Atheros chip soldered on that doesn’t look like it belongs there. From what I just read, this chip has both Rx/Tx capability, so I guess I’m asking for a consensus on whether this is the point of entry for these attacks.

thanks in advance,

Dave

EC14F90A-86E9-4D65-933F-41587027F387.jpeg


Answers

  • The_MayorThe_Mayor Member Posts: 1
    Photogenic First Comment

    Hi,

    Yes, that chip is used with Fing boxes.

    Now from what you've told me, I can think of a handful of possibilities regarding your network compromises.


    • Someone without access to your network but within range of your router (either physically or remotely via device planted/compromised nearby), is utilizing monitoring software such as wifite to capture handshakes with a network card monitor mode capable to then decrypt/bruteforce to uncover network password.
    • Someone who has access to your network already because they were given the password or they were able to remotely/physically compromise a device connected to the network resulting in remote access to the network.
    • *Kind of goes with the last one* A keyboard has physical hardware attached that monitors keystrokes and transfers the logs to a third party.

    Ultimately, I don't believe your router's chip was swapped, I'm sure someone who is familiar with the Fing box internals will correct me if I'm wrong.


    I would strongly suggest the following:

    • Enable the guest network, only give guests, and possibly even those living with you, guest network. This will help if it is someone you wouldn't expect as they wouldn't as easily have access to the administration portal.
    • Go through every compromised account, search for clues, check all logs and security panels. Did they have all passwords, was it that the passwords were the same, did they simply gain access to your email and utilize password reset options, was there any one time text messages or emails issued implying alt email/sim compromise? What was the IP (Probably using VPN, who knows could have been from your own network.)?
    • Is it just you? Ask around, if this is simply someone running around the neighborhood, your neighbors likely fell victim as well. If not, probably targeted and someone you know.
    • Most importantly, if it happens again, do not reset your router it may have the key information you need. EX. Maybe this person used their device to access your network and their device name is on file "Sam's iPhone". Simply change the admin password (please make sure you're changing the admin password from the default), turn off the wifi if you want the extra security and of course disconnect Ethernet from the router. You can access the router's admin page same as usual via Ethernet or wifi and have time to safely review for evidence without leaving your devices and accounts at risk.
    • Use new passwords, include spaces in the wifi password, it makes it difficult to brute force.

    Good luck, I hope I was able to help you. Feel free to ask any questions.

  • DaveH2ODaveH2O Member Posts: 3
    First Comment Photogenic

    Thanks for the suggestions, but it turns out just to be that my newish iPhone 11 was hacked - or at least that was part of it. All of my network communications were being forced through a proxy unbeknownst to me, which explains both why all of my accounts were being hacked within minutes of visiting them and why two factor authentication messages sent to “my device” weren’t coming through.

Sign In or Register to comment.