As wireless Internet service becomes more abundant and more homes use routers to establish wireless networks, the flaws in wireless Internet security become more of a problem. Now, before we start, don’t panic about any Hollywood ideas of hackers. Someone isn’t going to use your wireless Internet from halfway across the country to steal $2 billion from a Swiss bank. Wireless Internet hacking, at least for personal computers (business networks are another issue entirely due to their confidential nature), is usually just a neighbor leeching off of your Internet connection for various reasons. There have been a few rare cases in which scammers and hackers drove around searching for wireless Internet to use for nefarious reasons, but those were fairly unique cases.
People can hack your wireless network for personal or illegal reasons. Personal reasons account for people who just want to use your Internet for free. They might not be able to pay for it or they might just not have their own network rigged up. They could have also used up their bandwidth allotment for the month and hope that you can spare a bit. Some people will use a neighbor’s network to pirate music, movies and games and pass the risk onto someone else. And of course, some hackers and scammers will use another person’s wireless network so that the actions can’t be traced back to them.
There is a small chance for legal trouble, in which case you’d have to hire a lawyer and prove that it wasn’t your computer performing the illegal act. The most troubling issue is that hacking wireless Internet networks will use up their bandwidth and slow down the legitimate owner’s service.
Naturally you will want to protect your wireless Internet, so we’ll cover the basics of hacking wireless networks and how you can better protect yourself.
Hacking a wireless network isn’t actually that hard conceptually. Basically, the hacker just needs to get their hands on your wireless encryption key. Once they have that, they can probably just log on as if they were a legitimate user.
It seems like it’s par for the course to use an analogy when covering Internet usage. Since I don’t want to talk about a series of tubes, let’s use the ferryman idea. When you’re using wireless Internet service, your computer’s wireless Internet card is communicating with a router which is then routing your requests through a modem and onto the Internet. So this is a ferry service that takes you back and forth to the big city from your remote village.
Your wireless Internet connection will ideally work just like this. You will confirm the password on your first trip to show the ferryman your ticket, he’ll remember your face for awhile and in that time he’ll happily take you back and forth along the route.
Of course, someone might want to leech off your service either to watch where you’re going or just get their own trip for free. Note that they are bound by location. Wireless Internet becomes fairly useless after a fairly short distance. For our example, that means they have to also be in your village and close to the ferry’s route. All they need to board is the password.
One method is to just guess systematically until they get it right. Of course, most modern routers will block them out fairly quickly, since the ferryman will know something is wrong if they miss it several times in a row. The password is long (usually 13 alphanumeric characters, which would equal 36^13 possible passwords), so it’s a rarely effective method. Only a ferry with really poor security would wait around and let them keep guessing.
It is more likely that they’ll take advantage of a weakness in the wireless Internet setup. In order to stay connected, the router sends out a periodic status report to the connected device. In this encrypted packet is the key to the router. A hacker can watch the connection, capture all of the information for awhile and then run a program to crack the encryption. The cracking program can usually pick the vital data right out for them (I have a separate article covering these wireless Internet hack programs). Once they have the password they can log onto your network.
Well, we already have a ferry analogy going so let’s stick with it while I cover how to protect yourself against wireless Internet hacking. Note that given enough time, they can probably hack it. Our goal is to make sure that it’s a real pain and discourage them from doing it.
To start with, use a good password and use the highest level of encryption possible. This doesn’t even really need an explanation. A randomized password is going to be much harder to hack and it takes awhile for new encryption methods to be reliably cracked. So try to stay on top of things if you’re security conscious. Note that you should also make sure that the password for admin access on the router is tough. While the default one might be easy to remember, it will also be easy to hack. Your security won’t matter if a hacker can just reset your router remotely.
Look at your router too. You might have some special security options, such as MAC address filtering. Each computer has a unique MAC address and you can often make list of which computers are allowed to use the router. You’re effectively giving the ferryman a picture of yourself. If you’re facing a hacker that knows what they’re doing, then it won’t offer much protection. They’ll probably know how to disguise themselves properly by spoofing one of the approved MAC addresses. Once again, we’re just doing this to make it a bit harder for them by adding an extra step.
Your special features might also include logs. You can look up the logs if you want to see if someone else has been using your connection.
Finally, remember that you don’t have to leave your router running. No one can hack a wireless router if it’s not online.
While we’re on the subject, let’s cover security for a public wireless Internet hotspot. There is no security. For this analogy, you’re on a public ferry with anyone who felt like coming along for the ride. Everything that you do can be observed by them. There is a degree of security on most secure websites, since they have separate encryption for login pages, but they’re still able to capture the encrypted information if they want. A lot of stuff is quite visible and freely available to anyone who sets up a packet sniffer and records the information being sent and received.
Don’t do anything on public wifi that you wouldn’t feel comfortable actually saying in public. Unless it’s absolutely necessary, do not visit secure websites and try not to enter any confidential information.
- Author’s own experience
- Image Credit: Wikimedia Commons/Thunderhead