IMNASKIDEEYYOOUURRWPCI- FI HACK-PROOF
Use the best possible encryption
Most of us know that leaving our Wi-fi connection unsecured is tantamount to inviting criminals into your home for a nice cup of tea. But, even if your connection is encrypted, it can still be vulnerable.
If you’re still using WEP protection to protect your Wi-fi network, then stop now. WEP was the default encryption method used to secure many routers a few years ago, but it’s just not safe enough and hackers can easily crack it.
Your router should offer alternative methods of encryption. Log into your router’s configuration tool, then look for the Wireless or Security section. Check to see which type of security is being used and, if possible, switch to WPA2 (it may be listed as WPA2-PSK – see screenshot below). If you’re offered the choice of WPA2-PSK (TKIP), WPA2-PSK (AES) or both, then make sure you opt for AES only. Like WEP, TKIP is no longer considered secure and could even slow your connection.
If your router doesn’t offer WPA2 encryption, try updating its firmware (see page 55). If it still doesn’t offer WPA2, then it’s time to get a new router. Your internet provider may send you a new router for free if you give them a call, so try this first before spending any money.
Strengthen your Wi-fi passkey
Another critical factor is the strength of the passkey used to connect to your Wi-fi. Even with WPA2 encryption, it’s theoretically possible for hackers to crack weak passwords using
brute-force attacks or by intercepting data transmitted when a ‘Wi-fi handshake’ takes place (the moment when devices connect and exchange encryption keys). By exploiting this chink in your router’s encryption armour they can then use a free passwordcracking tool, such as Hashcat ( http://
hashcat.net), to work out what passkey you use (see larger screenshot above).
Don’t assume the default wireless key provided with your router is strong enough, either. It’s best to set your own, so head to the Wireless or Security section of your router’s configuration tool. All the usual password-creation advice applies – use a mixture of letters and numbers and don’t include names, birthdays, sequential characters, and so on. With WPA2 encryption, longer passkeys are harder to crack than shorter ones. The minimum number of characters for a WPA2 passkey is eight, but you should consider a longer one – around 15 characters should be secure enough. A passphrase – a combination of totally unconnected words – is also secure and can often be easier to commit to memory.
Don’t hide your SSID
Some routers offer the option to hide your Wi-fi network name – or SSID – and it’s a common misconception that doing so will help to protect it. It’s true that hiding your SSID will prevent your network from showing up in the list of available wireless networks on devices in range. But, in practice, this makes no difference to a prospective hacker, who’s likely to be using a sniffer tool, such as Kali (see page 51) or Kismet (see smaller screenshot above), that can easily uncover hidden SSIDS. In fact, hiding your SSID may only serve to draw unwanted attention from nearby hackers looking for hidden networks that might lead them to valuable personal data.
Hidden SSIDS are a pain to deal with at home too, because you’ll need to manually enter your network name every time you want to connect a device. And, as they offer zero extra security, there’s very little point in using one. Disable this setting in your router’s wireless settings if it’s switched on.
Update your router’s firmware
Keeping your router up to date can help to bolster its security, by fixing flaws and offering new features, such as support for better encryption methods.
Checking for and updating firmware works differently from router to router. Some models check for and install firmware updates automatically. Others may offer a way to check and update firmware via their configuration tool or desktop program (look in the System or Maintenance section, or similar – see Netgear Genie screenshot right). Alternatively, you could look up your model on the manufacturer’s website for available downloads and installation instructions.
If you’re going to update your router’s firmware, make sure you back up your settings first. There should be a backup option available in the System or Maintenance section of the configuration tool.
Stop hackers changing your router’s settings
A vulnerability many routers share is the admin password used to log into the configuration tool. This is usually set as something basic (usually ‘admin’) by default and, if you haven’t changed it to something else, it’s often easy for hackers to guess.
If you don’t want anyone accessing your router’s settings (and you definitely don’t), change the admin password to something that’s hard to crack, using the usual rules of password creation we covered on page 53. Log into your router’s configuration tool or desktop program and look for an option to change the admin password in the Management or System section.
Some routers let you log into their configuration tool remotely – from outside your own network over the internet. The trouble with this is that it potentially opens a backdoor for hackers, so unless you use this feature, it’s best to disable it. Again, look in the Management or Admin section of the router’s software for a Remote Administration or Management option and turn it off it it’s enabled.
Make sure WPS is disabled
Wi-fi protected setup (WPS) is a nice idea but it could leave your Wi-fi network exposed to hackers, even if you’re using WPA2 encryption and a strong passkey. Available on many modern routers, WPS lets you use a PIN code or a push-button to quickly connect new devices to your wireless network (rather than having to enter your Wi-fi passkey every time). The trouble is that, while the push-button method is relatively safe, the PIN code method isn’t, as it works using two separate blocks of four-digit codes. These are very easy to crack, as there are only 10,000 different combinations (something that hackers can decode in no time).
Even if you stick to using the push-button method, WPS isn’t safe, because its specification states that all Wps-compatible routers must support PIN access too. Our advice is to switch it off altogether if your router lets you. Check in the Wireless section of your router’s configuration tool for an option to disable it (see smaller screenshot above).
Don’t bother with MAC filtering
Most routers provide an option to block all connections other than those that come from authorised devices. Known as MAC filtering, this works by allowing only connections from a whitelist of MAC addresses – unique codes that identify each device on a network. Theoretically, allowing only specific devices to connect to your Wi-fi should be a very safe way to protect your network. But there’s a problem – it’s actually relatively simple for hackers to find out and spoof the MAC addresses of authorised devices, and thereby gain access to your network. They would need to disconnect the real device first, but this can be done via a ‘deauth’ (short for deauthentication) or ‘deassoc’ (short for disassociate) attack, using free tools, such as the aforementioned Kali distro. Given this fundamental flaw, we’d advise against using MAC filtering.
Protect shared files and devices
If you share files between PCS at home, you’re potentially leaving your files wide open to any hackers who can gain access to your Wi-fi network.
The easiest way to protect shared files in Windows 10 is to create a Homegroup. Homegroups can be made up of computers running any combination of Windows 7, 8 or 10, and are protected by a secure password so only computers that belong to the same Homegroup can access shared files.
Click Start, type homegroup and press Enter. If you don’t currently have a Homegroup set up, click the ‘Create a homegroup’ button and work through the instructions, choosing which items you’d like to share (Pictures, Videos, Music, Documents, Printers & Devices) and making a note of the Homegroup password when prompted.
On your other PCS, click Start, type homegroup and press Enter. Now that you’ve set up a Homegroup you’ll see a different screen. Click ‘Join now’ and follow the onscreen instructions, again selecting the files you want to share and entering the Homegroup password you noted down.
Protect your files on public networks
Homegroups only protect shared files over your private home connection, so make sure your PC’S sharing setting for other types of networks are also secure.
Click Start, type advanced sharing and press Enter. Click ‘Guest or Public’ (Public on Windows 7) and select ‘Turn off network discovery’ and ‘Turn off file and printer sharing’. This will stop your computer being visible when it’s connected to a public Wi-fi hotspot. Next, click All Networks. Make sure ‘Public folder sharing’ is switched off, ‘128-bit encryption’ is selected and ‘Turn on password-protected sharing’ is enabled (see screenshot below left). Click ‘Save changes’ when you’ve finished.
Stop hackers switching on your PC remotely
The setting ‘Wake on LAN’ (WOL) or ‘Wake on Wireless LAN’ can be extremely useful. For example, if you’re at work and you realise you need something from your home computer, you can use software to remotely switch on and access your files. In theory, WOL is pretty safe – in order to turn on and access your computer remotely, someone would need lots of information that’s virtually impossible to get hold of, and then bypass your firewall and security software. However, it’s theoretically possible for a hacker to use sniffer software to find out your network adapter’s MAC address and crack your passwords. So, if you never (or rarely) use WOL, then it’s best to turn it off until you need it.
Click Start, type device manager and press Enter. Click ‘Network adapters’, then right-click your adapter and select Properties. Click the Power Management tab, then untick ‘Allow this device to wake the computer’ and click OK (see screenshot above).
Require a password when waking from sleep
Wi-fi isn’t the only way hackers can access the files on your PC. Gaining physical access to a computer – a lost or stolen laptop, for example, or a PC in a public place, like an office – could allow criminals to gather logins, credit-card numbers, bank details and more. The way to prevent this happening, of course, is to protect your PC with a password. But many PCS aren’t configured to require a password when woken from sleep mode.
In Windows 7, the option can be found in Power Options within Control Panel. Microsoft likes to keep us on our toes, though, and has helpfully changed its location in Windows 10. To find it click Start, Settings, Accounts, then ‘Sign-in options’. Select ‘When my PC wakes from sleep’ within the ‘Require sign-in’ section to make sure your PC is protected.
There’s a free version of Photosync for Android ( www.snipca.com/22170). It lacks Autotransfer and online storage support, but does transfer to PC which might be all you need. The only version for IOS is the full £2.49 app.