Install malware via Wi-Fi

[Gardenia]

Hello.

I wonder if it is possible to install malware like spyware on Linux Mint remotely through Wi-Fi?

I suspect my home network has been hacked, so therefore I wonder if this would be possible to do on a PC that has LM installed on it.

I am currently a Windows 10 user that would like to to switch to LM.

Kind regards

[Larry78723]

I won't say it's impossible but it's very highly unlikely to install malware/spyware via wifi on a linux mint machine.

[Petermint]

Wifi is only a carrier. The malware would have to be in the device driver or some software you install to use Wifi. If you install only the software in the Linux Mint libraries, the software is checked by hundreds of people, possibly thousands, and some/most are smarter than me.

For anything you want to install outside the official Software Manager, you can search these forums for other users, advice, and guidance.

This whole "checked by millions" approach is the opposite of Apple/Google/Microsoft where the source code is not available for inspection or testing. With them, one trainee coder makes a mistake and your whole bitcoin collection goes down the drain.

[newlyminted7]

I wonder if it is possible to install malware like spyware on Linux Mint remotely through Wi-Fi?

Technically, yes, since, as Petermint explained, wifi is only the carrier (if wifi is your only network connection). But you'd need something to bring that malware/spyware onboard your machine. That is usually done by users themselves, by downloading untrusted software, scipts, or other files, and then executing them on their machine. If you're worried about someone just attacking and hacking your machine via wifi without you doing anything like executing untrusted software, scripts, or other suspicious files, then I'd say the chances are relatively low.

If you're running servers like email servers, web servers, file sharing services, and so on, then definitely stop those (they aren't enabled in a default Mint installation). Also, turn on your firewall if it isn't already on. Some people say not to bother with the firewall, but if you're worried your network has been hacked, then you may as well turn it on (but if you don't have any open ports, it won't do much, which is why people say not to bother). It can still be another layer of protection if you think your network has been hacked.

I suspect my home network has been hacked

What exactly makes you say this?

Have you changed your router's password? What kind of wifi encryption are you running? Do you have access to the wifi's admin panel (web interface)? Do you have any wifi-accessible network shares? Do you have any other computers on that network?

Regardless, you would be much more secure using Linux Mint than Win10. By a very, very large margin. Not to mention the privacy benefits.

[Gardenia]

I wonder if it is possible to install malware like spyware on Linux Mint remotely through Wi-Fi?

Technically, yes, since, as Petermint explained, wifi is only the carrier (if wifi is your only network connection). But you'd need something to bring that malware/spyware onboard your machine. That is usually done by users themselves, by downloading untrusted software, scipts, or other files, and then executing them on their machine. If you're worried about someone just attacking and hacking your machine via wifi without you doing anything like executing untrusted software, scripts, or other suspicious files, then I'd say the chances are relatively low.

If you're running servers like email servers, web servers, file sharing services, and so on, then definitely stop those (they aren't enabled in a default Mint installation). Also, turn on your firewall if it isn't already on. Some people say not to bother with the firewall, but if you're worried your network has been hacked, then you may as well turn it on (but if you don't have any open ports, it won't do much, which is why people say not to bother). It can still be another layer of protection if you think your network has been hacked.

I suspect my home network has been hacked

What exactly makes you say this?

Have you changed your router's password? What kind of wifi encryption are you running? Do you have access to the wifi's admin panel (web interface)? Do you have any wifi-accessible network shares? Do you have any other computers on that network?

Regardless, you would be much more secure using Linux Mint than Win10. By a very, very large margin. Not to mention the privacy benefits.

I'm just a bit paranoid, since I have many guests that visits my home and uses my Wi-Fi. There is no guest network option in my modem, and no clients isolation feature is available.

I'm going to purchase a new router that has more options to protect my devices.

Currently I'm using WPA2, and have access to my modems admin login page. but the settings in my modem are not many: https://imgur.com/a/yjsOYlb

I am using the same network as several smartphones and PCs in my home, but have no network shares.

These are my firewall settings in my modem BTW: https://imgur.com/a/nxTuhne

[GS3]

I'm just a bit paranoid, since I have many guests that visits my home and uses my Wi-Fi. There is no guest network option in my modem, and no clients isolation feature is available.

In my opinion the cause of your suspicions lies mostly with your lack of understanding and you need not be so concerned. If your computer has no shares then it should be safe. If the other computers on the network are running Windows then you are doubly safe because it is difficult enough to get Linux and Windows computers to communicate when you are actively trying to do it.

I do not see any need to buy or change anything. If you just enjoy your paranoia then you could disable the computer's network connection when you are not actively using it.

You do not need fancy routers to do fancy configurations. I have crates of old routers which I use in different ways. One configuration I do often is this: Suppose the main home network is 192.168.0.XXX. I will take another router and make the WAN connect to that main network. Now I have a second "private" LAN, say 192.168.42.XXX which is not accessible from the main LAN. I have done variations of this on many occasions and it is pretty much free because, as I say, old routers are to be had for free.

[newlyminted7]

I'm just a bit paranoid, since I have many guests that visits my home and uses my Wi-Fi. There is no guest network option in my modem, and no clients isolation feature is available.

Well, I'd suggest that your problem has more to do with who has access to your network, then. If you're using WPA2 and giving out your password, then nobody needs to "hack" your network because they're already on it. And if you don't know who is on it, then there's your first problem.

If you have "hackable" things on your network, then that is your second potential problem (web servers, email servers, network shares, other PCs with open network ports or other unscrupulous networked software running in the background from companies such as Adobe, Microsoft, computer games, etc, etc).

I'm going to purchase a new router that has more options to protect my devices.

Good. This should solve most of your problems if you secure it and configure it properly (research it and do it right, it's worth it). Then only provide one thing on that network for them: internet access. And turn on logging and other security features of the new router, and choose a very secure password for the admin web interface. Also consider changing the password for the guests once a month or so, this makes active users to have to request the new password and stops any zombie services being used on it for months or years at a time.

I would then create your own personal network that you don't give out access to (ideally using a completely different router). Look into Mac address filtering and hiding your SSID (even though some people say it is useless, and it might be, but it is easy and might help a little, if nothing else for peace of mind). I still wouldn't put anything valuable or important on it since, if you have "many guests" in range of it, all it takes is one bad apple to crack your wifi security (unfortunately not that hard to do), and they are on your "important stuff" network. Definitely change this password regularly (weekly or monthly). Put your important stuff on an ethernet-only network that is not connected to the internet (ie. you have to plug the network cable into your computer to access it - a hassle, maybe, but it is more secure - or use an external USB drive that you only plug in when you need to access it - depends on your needs).

And yes, switch to Linux. Ditch Windows and MacOS and do not look back. Ever.
My 2c, anyway. Good luck.

[Petermint]

Good advice for Gardenia on securing routers. So what is the minimum cost router with those options? I find some of the routers recommended as secure are ten times too expensive and some of the low cost ones are difficult to make secure because the settings are disjointed and there is no simple How to. Both of my current routers have a security page but they do not explain exactly what they are doing in the background. What brands/models do you use?

[JeffF73]

I'm just a bit paranoid, since I have many guests that visits my home and uses my Wi-Fi.

You do not need fancy routers to do fancy configurations. I have crates of old routers which I use in different ways. One configuration I do often is this: Suppose the main home network is 192.168.0.XXX. I will take another router and make the WAN connect to that main network. Now I have a second "private" LAN, say 192.168.42.XXX which is not accessible from the main LAN. I have done variations of this on many occasions and it is pretty much free because, as I say, old routers are to be had for free.

I agree. This is what I have done for my network. Get a modem/router for your personal devices, Get a separate router for your guests. Or even a Raspberry Pi and have them connect to that as a wifi router/access point. Both having different Local IP's. Ex: Modem/Router for Personal devices 192.168.1.0 and Separate Router/access point for guests: 192.168.2.0. And so on. You can add more routers if it makes you feel comfortable. Ether way the point is to have your Personal devices connect to one while your guests connect to the other. This creates a great wall between guests and your personal devices.