Wi-Fi is a fundamental part of most people’s home Internet setups. However, despite its importance, we rarely think about the security of our Wi-Fi setups. ISP-provided routers tend to work out of the box, so it’s easy to just plug them in and assume that the Wi-Fi settings you’re using are good enough.
This may be true most of the time, but there are a few huge security holes in Wi-Fi that you should be aware of before connecting your brand new Wi-Fi enabled router to the Internet. We’ve put together a quick primer explaining how home Wi-Fi works and the pitfalls you need to watch out for if you want to improve your Wi-Fi security.
How Your Home Wi-Fi Works
Understanding exactly how Wi-Fi works will give you a better idea of how you can make yours more secure. So let’s take a quick look at how Wi-Fi connects your devices to the Internet.
When you sign up with an ISP, you’ll typically receive a Wi-Fi router with a modem built into the same device. The modem handles communication with the outside Internet through your ISP, while the router sends traffic between every device on your network, including the modem.
On a Wi-Fi enabled router, the Wi-Fi access point sends data by broadcasting it as a radio wave. Any Wi-Fi-enabled device connected to the network can receive these radio signals and decode them into network traffic packets that the device can then process.
The secure shortlist
Looking to boost your digital privacy? Check out our guide to today’s best VPNs, based on our own in-house hands-on testing.
To send information to other devices or to the Internet, the Wi-Fi enabled device transmits radio waves that the Wi-Fi access point receives and decodes for the router. The router then sends the data back to the receiving device, as if it had received traffic from a wired device.
This back-and-forth of radio waves allows a Wi-Fi-enabled device to send and receive data from websites, making Internet access seamless without needing to physically connect to a router.
Of course, it’s very convenient to be able to connect a new device to the Internet without having to find new Ethernet cabling or huddle next to the router. However, this convenience comes with some additional security considerations. Radio waves don’t stop at the boundaries of your home. In fact, if you open a Wi-Fi device right now, you’ll likely see plenty of Wi-Fi hotspots from other homes and businesses.
That’s where encryption comes in. Although a Wi-Fi hotspot can be set up so that anyone can connect to it, most routers come preconfigured with secure encryption protocols, which make Wi-Fi at least somewhat secure by default. Basically, before the radio waves leave the Wi-Fi hotspot, they are encrypted using a secret that the device it is communicating with also knows.
This scrambles the data as it’s transmitted over the air, so that even if another person were to listen with a Wi-Fi-enabled device to the traffic sent over your Wi-Fi network, all they would see is meaningless gibberish. To decrypt this traffic, you need to know a shared secret, which is usually a password but can also be a private key.
The weak points of Wi-Fi
When Wi-Fi is configured correctly, it is secure enough to manage all your private information. The only way to ensure your Wi-Fi setup is up to snuff is to be aware of the possible security pitfalls associated with an insecure setup. So, we have outlined some of the common Wi-Fi issues.
When you set up a Wi-Fi network, you have the choice of using one of several security protocols. The biggest problem with Wi-Fi is that not all of the security systems it supports are actually secure.
Take WEP, for example. WEP is vulnerable to several well-documented decryption attacks, which allow a hacker to recover your Wi-Fi password if they wait long enough. You’re unlikely to encounter a WEP-secured router if you get a new one from your ISP, but if you buy an old, used router, it can still be configured to use WEP.
Needless to say, you shouldn’t use WEP. This is better than no security at all, but even a simple attacker can break into a WEP-secured network. WPA1 isn’t much better either. WPA1 replaces WEP which uses TKIP as its encryption system, which is now also considered insecure and obsolete.
You should also check whether your router comes with a unique username and password combination or a generic combination. If it is something like “admin/admin”, it is very likely that the default credentials are published on the Internet. Although it is unlikely that a hacker would be able to take advantage of this information over the Internet, if they have physical access to the device, it is simple to log in and start changing the router settings.
Thinking about the other devices on your network is just as important as securing your router. IoT devices are known for poor security, especially budget smart devices. Some use weak default passwords, others require no authentication, and most incorporate a combination of Wi-Fi and Bluetooth technology. These devices can increase the attack surface for a hacker who detects vulnerable Wi-Fi networks.
So why is your Wi-Fi network security important? After all, most of the Internet traffic you send over the Internet is SSL encrypted anyway. Well, just because your web traffic is encrypted doesn’t mean all the protocols you use are. By allowing a hacker to gain a foothold inside your network, they can monitor all traffic sent between your devices, waiting for an unencrypted password to be sent.
If an attacker also gains access to your router’s administrative settings, they can launch a range of attacks to take control of your other devices. For example, they may use techniques like DNS hijacking to download malware to your main device or redirect you to a phishing site.
How to Improve Your Home’s Wi-Fi Security
While there’s a lot to lose if your Wi-Fi security isn’t set up correctly, you can significantly improve your defenses with just a few quick checks. We’ve outlined the key actions you should take if you’re concerned about the security of your home Wi-Fi network below:
- Change your router’s default login information: Your router will come with login information for the admin panel, either in the package or on the router itself. As a precaution, it’s worth going to the admin panel while you configure your router and change the default login username and password.
- Enable WPA2 or WPA3 encryption: These protocols are necessary to keep your local network traffic private. If you only use WPA1 or WEP on your Wi-Fi router, you should either configure WPA2 or WPA3 immediately or switch to a router that at least supports WPA2.
- Enable a router firewall: Some routers include a built-in firewall, which you can use to prevent hackers from accessing your network from the Internet. Check your router settings to see if it’s enabled by default, and if it’s disabled, it’s time to turn it on.
- Hide your SSID: Disabling SSID broadcast will prevent your network from appearing in the list of available networks on most devices. Even though this hides your network from casual attackers, determined hackers can still detect your Wi-Fi network. You will also need to enter your SSID manually when registering new devices on the network.
- Disable remote administration: If your router has features that allow you to access its settings from outside the local network, you should disable them. You are unlikely to need this feature, while for attackers it is an additional attack vector that can potentially be exploited.
- Keep your router software up to date: It’s a hassle, but you need to make sure your router’s firmware is up to date. If there is an auto-update option, enable it. Otherwise, you will need to check your manufacturer’s website regularly to see if any updates are available.
- Use a VPN: Most of the advice we’ve offered here relies on the ability to set up your own personal router. However, if you’re using a router that you can’t control or using a public Wi-Fi network, it’s best to put in an extra layer of security. The most secure VPNs encrypt your traffic before it leaves your device. So even if an attacker can monitor your local network traffic over Wi-Fi, they won’t be able to read anything.
We test and review VPN services in the context of legal recreational uses. For example: 1. Access a service from another country (subject to the terms and conditions of that service). 2. Protect your online security and strengthen your online privacy abroad. We do not support or condone illegal or malicious use of VPN services. Consumption of paid pirated content is not endorsed or endorsed by Future Publishing.
