Wi-Fi is great. It’s convenient, allows for widespread coverage, increases the portability of devices and is cost-effective.
But wireless networks — especially in your home — are also a common target for hackers trying to steal your personal information.
The fact is 24% of Wi-Fi hot spots around the world have no security encryption at all, which means they are open for anyone to use. Of course, many of these open hot spots are specifically intended for public use — like those in airports, coffee shops and hotels.
But not all of these open hot spots are meant to be communal. In fact, one-third of Americans have admitted to stealing a Wi-Fi signal… probably from their neighbors.
Unfortunately, the laws in the U.S. regarding tapping into another person’s internet access are pretty broad — and it’s not something that’s regularly prosecuted. However, there have been a few cases where law enforcement has gone after people using Wi-Fi hot spots without permission.
There’s No Such Thing as a Free Lunch
One case that made headlines was that of a Cedar Springs, Michigan, man named Sam Peterson.
Every day during his lunch break, Sam would drive to a nearby coffee shop and sit in the parking lot to use the coffee shop’s Wi-Fi. After about a week, someone called the police and reported a suspicious-looking man in the parking lot.
When officers arrived and asked Sam what he was doing, he told the officers he was simply checking his email. The police were unsure what law exactly Sam was breaking, but they referred the case to the local prosecutor, who decided to press charges.
For his unauthorized use of the coffee shop’s Wi-Fi, Sam was faced with one felony charge of fraudulent access to a computer network. Rather than fight the charge, Sam enrolled in a diversion program. He paid a $400 fine and completed 40 hours of community service.
In my opinion, this punishment was a bit harsh. Especially since stealing Wi-Fi from a neighbor or business is a pretty common occurrence. People figure what’s the harm?
But this attitude is precisely why you need to make sure to protect your home Wi-Fi. Not only does allowing your neighbors to piggyback on your network make your internet run more slowly, but a real hacker could use the opportunity to steal your identity — or worse.
To secure your wireless network against unwanted freeloaders, simply follow the three steps below.
Step #1 — Determine if you have unwanted users
Let’s say you notice your internet is running at the speed of molasses. The first thing you should do is turn off all of your internet-connected devices — including cellphones, tablets, TVs, even gaming consoles. Then look at the blinking lights on your router. One of those lights should indicate wireless activity. If it’s still blinking after you’ve turned off every device in your home, it means someone else is still connected to your network.
Another way to determine if someone is using your Wi-Fi is to check your router admin page. The process for doing this varies slightly for each brand of router, but a quick Google search should help you find the relevant instructions. If this is something you have never looked at, I strongly encourage you to do so.
Once you log into your router admin page, look for a list of “attached devices” or “connected devices.” If you see a device connected to your internet that isn’t yours, suffice to say someone else is using your internet.
Step #2 — Change the username and password on your router
Essentially, every router comes with preset username and password. The first thing you do when you get a new router should be to change these factory settings. You can do so on the router admin page — the same page on which you check for connected devices.
It is extremely important that you do this immediately. According to PC Magazine, “The generic usernames are a matter of public record for just about every router in existence; not changing them makes it incredibly easy for someone who gets physical access to your router to mess with the settings.”
Step #3 — Change the network name and enable encryption
When you set up a wireless network, you’ll need to change the service set identifier (SSID). This is the name your router broadcasts so people can find the network. Be sure to personalize it — don’t leave it as the default network name like NETGEAR123 or Linksys808. Cybercriminals have developed specific tools that can hack into your network just by knowing the default SSID name.
Whenever you change the SSID, all users will be kicked off the network and forced to sign in again. So whenever you change the SSID, you should also change the network password for extra security. Just be sure your password is unique to you and includes letters and numbers.
It’s also important to use encryption on your wireless network to help keep intruders off your network. Note that any encryption enabled on the wireless router must also be enabled on each device to connect to the internet. The most common type of encryption is WPA2, which uses AES, a highly secure type of encryption approved by the NSA.
Even if you live in the middle of nowhere, you should follow these three steps to beef up the security on your Wi-Fi. If the kid next door is using your network to play video games, that’s not such a huge deal. But if a criminal is trying to sneak into your network to access your personal information, that’s a much, much bigger problem.
Stay safe!
Nothing about VPN?
Hey AM,
VPN is always worth a discussion, but this post was specifically about the connection between the device and the router. We have written about VPN many times in the past including this post about secure email: https://spyescapeandevasion.com/blog/2017/01/20/secure-email/
Thanks for the feedback!
In addition to these, there are a couple other settings that are fairly simple to implement. First, you can set the router so it doesn’t broadcast the SSID. It’s hard to hack a network you don’t see.
Second, you can implement MAC filtering. There are 2 ways to configure this: either blacklisting or whitelisting. With whitelisting, what the router does is block all MAC addresses except those specified on the list, so only those specific devices can connect. Blacklisting is the opposite, allowing all devices except those specifically blocked on that list to connect.
Right on Jason W,
That’s definitely the way to go when you want to take those extra steps. I think for most people, this would make life harder than they’re willing to make it. Everything is a balance of convenience and security, but I would certainly recommend the steps you mention if you live in an apartment complex or some other place where people are likely to be connecting without your knowledge. I may just need to do a follow up post on this outlining risks of not connecting securely and why people might want to take those extra steps.
Thanks!
Once again Jason, you have done a good thing for a lot of people. I hope people let you know how much you are appreciated. I certainly appreciate your insight and expertise. Thank you!
I had a Dr appt recently. While talking to my Dr I told him about a procedure a prior Dr had used. Not for the same issue I was visiting him for. I haven’t seen the prior Dr for years. I haven’t looked him up or researched him, etc. and yet after the visit this prior Drs name popped up on FB as a friend suggestion. Is this just to much of a coincidence? Should my phone stay in my car during Dr visits or meetings?
Karen,
This is a great question and I’ve answered it in the Monday Mailbag. You can see my answer here: https://spyescapeandevasion.com/blog/2017/05/01/mailbag-monday-15/
Stay Safe!
Hiding SSID or white listing of MAC addresses will be easily broken by widely available Wi-Fi exploit kits. All those recommendations are still good for the majority of occasional surfers in the neighborhood but not against qualified hackers. Just be aware.
Jason:
I have been looking online at several different models of new vehicles, and one of the options I have seen on virtually every one of them is a universal garage door opener. This seems like a gross security violation. All a burglar would have to do is wait on a block until he sees a family leave their home, then pull into their driveway, press his remote, and pull into the garage and shut the door again. Once he was safely inside and hidden from view, he could take his time breaking into their home and loading up everything he wanted, then take off, probably without anyone noticing, or at least suspecting anything unusual. What do you think of this?
Hey Mark,
Sorry for the delay on this one. Jason Hanson has been extremely busy this week and asked me to make sure you got his reply. He replied in this week’s Monday Mailbag: https://spyescapeandevasion.com/blog/2017/06/12/mailbag-monday-20/
Thanks!
Jason:
Have you heard of a new free app called Phone Guardian? It’s supposed to keep your location anonymous and protect the data on your phone. Supposedly, beside being free, there is no advertising and no in app purchases either. Sounds like it would be great if it really works.
Hey Mark,
Jason Hanson answered your question in a Mailbag post. You can see it here: https://spyescapeandevasion.com/blog/2017/06/26/mailbag-monday-22/
I hope this answers your question.
Jason:
I just noticed that at about 2:33 and 6 or 7:13, the hands on an analog watch form the shape of a pistol. I am surprised that anti-gun zealots haven’t noticed this yet and tried banning analog watches and clocks for spreading dangerous, pro-gun and pro-violence propaganda. I can just see the Brit’s tearing down Big Ben. Actually, they are tearing down Big Ben, aren’t they? What do you think of this?
Jason:
I have noticed that there is still some debate about the importance of caliber size in the effectiveness of a weapon. I have a simple answer for the macho, big bore fans. If you read the FBI’s annual crime statistics report for about as many years as you care to go back, you will see that more murders are committed with.22 caliber weapons than any other caliber. If that doesn’t prove that accuracy and intent are far more important than caliber, nothing will.