The ins and outs of wireless security
Nathan Taylor looks at the methods and consequences of a Wi-Fi hack.
In the years since its introduction in 1998, Wi-Fi has become a bedrock of most people’s home networking solutions – and that’s why it has become such an important factor for home security. Having your Wi-Fi network hacked can be devastating. It puts the attacker right in behind your network firewall, with direct access to any services that might be running on your home network. While the necessity of proximity does limit the number of attacks that occur through Wi-Fi, the effects of such a hack are potentially enormous.
So let’s take a look at how your Wi-Fi might get hacked, how to prevent it, and what the consequences can be.
How Wi-Fi can get hacked
The goal of a Wi-Fi attack is simply to gain access to your home or business Wi-Fi network – that is, to be authenticated and allowed on the network as a legitimate client device, with the authority to communicate with other devices on the network. In most cases, that involves getting hold of the Wi-Fi network’s pre-shared key (password), although that may not even be necessary on some wireless networks.
1 An open or default network
The simplest attack is on an open network, one that doesn’t have any authentication or security configured. Anybody can connect, and open networks can be easily detected and accessed with a wireless scan. At one point in time most wireless routers shipped with open networks, which made “war driving” – going around neighbourhoods looking for open networks to exploit – a popular pastime.
Default passwords are another common attack path. Although the practice of shipping with open networks has died out, some routers still come with default wireless passwords that you’re expected to update (and many people don’t). These will be the first passwords that any attacker attempts.
Thankfully, most routers sold now do come preconfigured with a unique password. We still recommend updating the wireless password on these routers to ensure that you’re the only person with the password – and make sure that the password is a good one: no dictionary words, no names or places – just a random collection of numbers and upper case and lower case letters.
2 Brute force attacks
The reason for the need for good passwords is this: brute force attacks are very much a thing on wireless networks. A brute force attack is one that rapidly attempts hundreds, thousands, tens of thousands of common words, phrases and sequences. Also known as a dictionary attack, it is an attempt to try and crack a password by trying thousands of different passwords against it. Tools like Cain and Abel can even take a “recording” of wireless traffic – where the attacker just listens in on and saves encrypted wireless traffic to a hard disk – and work on it offline to try and crack the encryption and decode the Wi-Fi key.
The best solution for home users is the aforementioned “good” password, at least ten characters long, that won’t be in any brute force dictionary (enterprises have other methods they use, including having unique passwords by user
with RADIUS authentication, but that’s out of the reach of most home users).
3 WPS exploits
Wi-Fi Protected Setup is a system designed to simplify the connection of client devices, typically by using a Bluetooth-style synchronised button press or pin code to allow quick connection to Wi-Fi without the need for a password. It’s a known vulnerability, with a particular exploit allowing attackers to gain access to a router within minutes.
Most routers have had patches released that fix this exploit, but many people never update their router firmware, leaving a lot of existing routers exposed. We recommend going into the router’s settings and turning WPS off altogether to ensure that it can’t be exploited.
4 WEP exploits
Wired Equivalent Privacy (WEP) wireless encryption has largely been deprecated in favour of the more secure WPA, and most routers sold in the past decade will use WPA by default. But if you have a very old router, you still might be using WEP, in which case you should immediately update your router settings to WPA. WEP is easily cracked using common downloadable tools, and is not safe to use, no matter how good the password is.
We should note here that WPA and WPA2 have also proven to be vulnerable – attacks like Key Reinstallation Attacks (KRACK) attacks have been found effective against the newer standard, which is why you should also update your router firmware regularly. Right now, WPA2 (and the upcoming WPA3) are the best options we have.
5 Accessing cached and saved passwords
If you leave a device – a phone, a PC, a console – where the attacker can access it without a lock screen, they may be able to quickly grab the password while you’re away. Remember to use lock screens and maintain physical device security. If a device is lost or stolen, make sure that you update your Wi-Fi password to a new one, or you might get an unwanted visitor on your network.
What can happen if your Wi-Fi is hacked?
The potential consequences of a hacked Wi-Fi network can be far ranging, from a minor inconvenience to a critical threat. Some of the things that might happen include:
1 They can use your internet connection
This is probably the most common and benign outcome of having Wi-Fi hacked. The hacker uses your internet connection, maybe for something criminal, maybe to download YouTube videos.
2 They can access your private shares and services
This is more serious. Your firewall is no longer protection against your home network shares and services being accessed. Some of those, like Windows File Sharing, might have an additional password to protect them that’s required before access. Others, like DLNA media sharing typically have no password protection and anybody connected to your home network will have complete access to them.
3 They can access your router
By default, as a security measure home routers can typically only be configured from inside the home network. Once connected to your home network, however, the attacker can try to access the router configuration. If you’ve left the default password in place, which many people do, then they can access your router configuration, which opens up a huge set of opportunities for the attacker.
They could replace your router firmware with malware that monitors all your internet traffic; they could open up your firewall, enabling attacks from outside your network; they could use your router to spread malware to other devices, including your other home devices.
The lesson is: change your router password. Not just the Wi-Fi password, but the admin password, the one used to log onto the router admin.
4 They can access other internet connected devices
As with routers, there are many other devices and services on home networks that people typically don’t bother to change the default password on. IP security cameras, home automation equipment and sensors, certain servers such as network attached hard drives; these are all vulnerable if the default password is left in place. So change those passwords!
5 They can monitor all your communications
Once connected to your network, a wireless attacker also has an option to engage in what is called packet sniffing, something we covered in this column last month. Packet sniffing is passively listening in on all wireless traffic as it goes across the network. Any communications that aren’t protected by end-to-end encryption can be saved and viewed. For example, if you fill out a form on an unencrypted web page, a packet sniffer can grab the details by listening in on the wireless traffic. Because once they’re connected to your Wi-Fi network, they’re in on everything you do on your home network.