How Easy Is It to Crack a Wi-Fi Network?
Pinterest Stumbleupon Whatsapp
Advertisement

Updated by James Frew on 11/06/2017

No matter your level of experience with computers, you probably have some idea about Wi-Fi security. You’ll know that your Wi-Fi network comes with a lengthy password with punctuation and numbers thrown into the mix. You may even have stumbled across the setting to hide your network’s name from other people. You’ve used these tools to your advantage — confident in the knowledge that your network is on lockdown. Or so you think. Just how secure are some of the common methods?

Hiding your Network SSID

A common misconception is that hiding your Wi-Fi network’s name is an effective means of obscuring and securing it from attackers. However, any commonly available Wi-Fi scanning tool will still show your network. The only difference is that instead of your chosen SSID, the network will be shown as hidden. All other details about the network are still broadcast and readily available for anyone that wants them How to Hide Your Wi-Fi Network & Prevent It From Being Seen How to Hide Your Wi-Fi Network & Prevent It From Being Seen Wireless networks are inherently less secure than wired networks. Is that why you want to hide your router? We'll show you how to do that and how to really secure your network. Read More . All this really does is make it harder for your family, friends, or customers to identify and connect to your network.

How Easy Is It to Crack a Wi-Fi Network? Kismet Screenshot

Instead of using the default Wi-Fi connection settings on their computer, laptop, or mobile device, they will be forced to manually input the network. Not only is this an inconvenience, but can lead to more issues than it solves. Some devices don’t play nicely with hidden networks, and it can cause connectivity problems. As the network is no more secure with the SSID hidden, our advice is to not bother hiding your SSID — the only person it’ll cause problems for is yourself.

WEP Passwords

When setting up and security your Wi-Fi network, you have a couple of options. Wired Equivalent Privacy (WEP) is the oldest standard, and is generally accepted to be almost as secure as having no password at all What Is WEP Wi-Fi Encryption & Why Is It Really Insecure? What Is WEP Wi-Fi Encryption & Why Is It Really Insecure? If you've set up a wireless network before, you've probably read or been told to use WPA2 instead of WEP, because WEP is bad. Why is that? And what is WEP anyway? Good questions. WEP... Read More . It was superseded by the much improved (but still flawed You're at Risk From a KRACK Attack: Everything You Need to Know You're at Risk From a KRACK Attack: Everything You Need to Know An exploit called "KRACK" (Key Reinstallation Attack) is making headlines. But what exactly is a KRACK attack? Can it be fixed? And what can you do about it? Let's take a look. Read More ) WPA2 in 2006. Even in 2011, it was almost laughably simple How to Crack Your Own WEP Network to Find Out Just How Insecure It Really Is How to Crack Your Own WEP Network to Find Out Just How Insecure It Really Is We’re constantly telling you that using WEP to 'secure' your wireless network is really a fools game, yet people still do it. Today I’d like to show you exactly how insecure WEP really is, by... Read More to break into WEP networks. In the years since, the tools to crack WEP have become more user friendly, allowing even novice hackers to compromise the network.

How Easy Is It to Crack a Wi-Fi Network? Aircrack Screenshot

While it was once the case that some older devices were incompatible with WPA2, nearly all modern devices have accepted the newer standard. Although most routers still offer WEP as an option, there is never a good reason to use it. If an older device still relies on WEP, then upgrade it rather than allowing that one device to compromise your network. Stay away from public Wi-Fi networks that use WEP too — they are easy targets for hackers. Public Wi-Fi networks are often easily compromised and used to listen in on your web traffic. This results in the hacker obtaining your passwords, payment information, and even bank login details. Give WEP secured public networks a wide-berth, even if you are using a VPN 7 Secure Strategies to Use Public Wi-Fi Safely on Phones 7 Secure Strategies to Use Public Wi-Fi Safely on Phones Is that public Wi-Fi network you just connected to safe? Before you sip your latte, and read Facebook, consider these simple secure strategies to using public Wi-Fi safely on your phone. Read More .

WPA & WPS

You might think that your 25 character WPA2-PSK WPA2, WEP, And Friends: What's The Best Way To Encrypt Your Wi-Fi? WPA2, WEP, And Friends: What's The Best Way To Encrypt Your Wi-Fi? When setting up wireless encryption on your router, you'll come across a variety of confusing terms -- WPA2, WPA, WEP, WPA-Personal, and WPA-Enterprise. Read More password is the best security available. That may be true, but it doesn’t mean you are fully protected. In an attempt to simplify the connection process, many routers use WPS technology. Wi-Fi Protected Setup (WPS) comes in the form of a one-touch button, or as a simple eight digit number printed on your router. The eight digit number bypasses the need for a complex alphanumeric password. Replacing a long, complex password with a short numeric one sounds like the exact opposite of good security advice 7 Ways To Make Up Passwords That Are Both Secure & Memorable 7 Ways To Make Up Passwords That Are Both Secure & Memorable Having a different password for each service is a must in today's online world, but there's a terrible weakness to randomly generated passwords: it's impossible to remember them all. But how can you possibly remember... Read More . The manufacturers are aware of this, so to prevent brute force hacking, there is a 60 second cooldown after three failed attempts. To randomly attack an eight digit password like this would take 6.3 years. You’d probably notice if someone was parked outside for that long.

Unfortunately, they did make a slight oversight — they split the passkey number in 2 sets of 4 digits. After cracking the first four digits, the router sends a helpful confirmation that set was correct. The hacker can then save those four for reference. This means that instead of eight digits, you only need to crack four numbers twice. The 6.3 year calculation time is now reduced to just less than a day.

To make matters worse, some manufacturers don’t even implement the cooldown period between failed attempts. This means that with the right tool Think Your WPA-Protected Wifi Is Secure? Think Again - Here Comes The Reaver Think Your WPA-Protected Wifi Is Secure? Think Again - Here Comes The Reaver By now, we should all be aware of the dangers of securing networks with WEP, which I demonstrated before how you could hack in 5 minutes. The advice has always been to use WPA or... Read More , even your WPA2 network can be cracked in just a few hours. Since WPS is a requirement for all Wi-Fi routers, and enabled by default, your router is almost certainly at risk. To protect yourself, head into your router’s settings and disable WPS completely How to Configure Your Router to Make Your Home Network Really Secure How to Configure Your Router to Make Your Home Network Really Secure Default router settings put your network at risk, allowing freeloading strangers to squeeze nadwidth and potentially commit crimes. Use our summary to configure your standard router settings to prevent unauthorized access to your network. Read More . Be sure to rerun your tests after disabling this — some routers have a separate internal WPS pin that cannot be disabled.

How Secure Is Your Wi-Fi?

The unfortunate reality is that no matter how many precautions you take, the chances of your Wi-Fi network being completely secure are exceedingly low. Given enough motivation and time, even the most secure networks will eventually give in to a hacker’s efforts. The most effective method of preventing wireless attacks is to disable Wi-Fi altogether. However, with so many wireless devices dotted about our homes, this might not be practical.

Instead, if you are using a router provided by your ISP, switch it to modem mode, and use another router for the Wi-Fi network. As always, make sure that all your devices are up to date, and your router is running the latest firmware 7 Tips to Secure Your Wi-Fi Network in Minutes 7 Tips to Secure Your Wi-Fi Network in Minutes Is someone sniffing and eavesdropping on your Wi-Fi traffic, stealing your passwords and credit card numbers? Would you even know if somebody was? Probably not, so secure your wireless network with these 7 simple steps. Read More . If you want to take things one step further, you could replace the default firmware with an alternative like Tomato The Top 6 Alternative Firmwares for Your Router The Top 6 Alternative Firmwares for Your Router Alternative firmwares offer more features and better functionality than stock firmwares. Here are some of the best ones to use. Read More or DD-WRT What Is DD-WRT And How It Can Make Your Router Into A Super-Router What Is DD-WRT And How It Can Make Your Router Into A Super-Router In this article, I'm going to show you some of the coolest features of DD-WRT which, if you decide to make use of, will allow you to transform your own router into the super-router of... Read More .

How many of these vulnerabilities did you know? Have you taken steps to secure yourself? Is there anything you think we missed? Let us know in the comments below!

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. rahul dagundi
    May 4, 2016 at 11:43 pm

    Thanks for the article, guys! It worked for me. I have been searching for this for a long time but the internet is full of fakes like https://www.youtube.com/watch?v=XGssV5hclwc

    You article was one of the exceptions.
    We should promote stuff like your article to make internet more efficient
    Thanks!

  2. Darrell Thomas
    December 18, 2012 at 9:13 pm

    ill give this ago later tonight see if mines hackable hopefully not as thats the first thing i do is disable WPS but yeah thanks for the write up

  3. Parigyan
    November 30, 2012 at 1:30 pm

    Very Informative post James ! I have learnt much from this article !

  4. Ali Ehsan
    November 29, 2012 at 1:20 pm

    thanks for sharing this information with us :)

  5. Howart Smith
    November 21, 2012 at 6:17 am

    I am using Hotspot Shield Free VPN while using wifi hotspots. Hotspot Shield free Wi-Fi security software encrypts sensitive data and provides total protection from

    hackers at such vulnerable places.

    Check it out here: http://www.hotspotshield.com/wifi-security

  6. Prasanth Mathialagan
    November 18, 2012 at 5:11 pm

    Excellent article on Wireless security!!!

  7. Jim Spencer
    November 15, 2012 at 9:43 am

    Good Article James! It should remind every one of us to be vigilant in protecting our back door!

  8. Sean A
    November 15, 2012 at 3:28 am

    I use subterfuge to get into networks when I have to

  9. Christopher Webb
    November 14, 2012 at 9:28 pm

    What is the most secure Wifi encryption that can be used for Airports?

  10. Timothy Clark
    November 14, 2012 at 6:42 pm

    The amount of "security risks" on the internet are completely ridiculous any more, not too mention all the useless stuff. ha

  11. Knut H. Flottorp
    November 13, 2012 at 5:53 pm

    On the Nokia N900 - that runs Linux (Maemo) you can install "Cleven" which will crack most networks. The 2.4GHz frequency used by WLAN is unprotected, and in general available for anyone Your channel is in the public domain and your usage of your frequency is on behalf of someone else.
    So, like CB radio, do not tell anything you do not want others to know. Be schizo and use wired connection only for your banking, but the rest of us, please grow up. We just have to stick with this silly technology. The Americans likes it this way and exhibited great effort to stop safer systems. Thank goes to the FCC.

  12. Douglas Mutay
    November 13, 2012 at 8:31 am

    Thanks for the article. My WPS was activated. I have just changed it. ;-)

  13. Boni Oloff
    November 12, 2012 at 12:34 am

    Looks like the wired modem more secure than the WiFi..

  14. Adu Joseph Lartey
    November 11, 2012 at 8:07 pm

    This site really acquaints me with a lot useful information. Keep it up,you guys are doing a wonderful job.

  15. Ihtisham ul haq haq
    November 11, 2012 at 6:09 pm

    thanks for nice tips

  16. Adrian Rea
    November 11, 2012 at 8:43 am

    Thank you, This has opened a new avenue of security tidying up that I have to do!

  17. Michael Jan Moratalla
    November 10, 2012 at 3:41 pm

    thanks for this

    • shanthi
      April 8, 2015 at 4:18 pm

      wi fi

  18. Lisa Santika Onggrid
    November 10, 2012 at 3:03 pm

    Do you have any personal recommendation to secure a personal WiFi network?

  19. vineed gangadharan
    November 10, 2012 at 1:53 pm

    thanks for the article :)

  20. Mitesh Budhabhatti
    November 10, 2012 at 8:29 am

    Now WiFi is everywhere. Even here in India WiFi is getting popular so fast. do you think there will ever be a convincingly secure method against this hacking?

    • James Bruce
      November 10, 2012 at 9:31 am

      Yes, run your own custom firmware and you can completely disable WPS. Just stock routers are affected really.

  21. Ali
    November 10, 2012 at 7:57 am

    "do you still think you’re secure?"
    YES, I'm secure!
    I have MAC address filter, any device not listed on the white list can't access my network, it can't even get to authentication phase! the router refuses the connection immediately, sorry, but I think turning wifi is just stupid, make a MAC address white list + disable WPS + use WPA2 secret key + hide router's SSID and WHOA! you have the most secure wireless network ever.

    • James Bruce
      November 10, 2012 at 9:30 am

      It's fairly solid, but your router likely still has an internal WPS pin unless you're running custom firmware; also, spoofing MAC address is one line command, and detecting an existing device on your network is childs play. So, not impossible, but difficult enough that I would have moved onto another neighbour instead.

      • Ali
        November 10, 2012 at 7:01 pm

        how you can spoof any MAC address without even knowing what are the white listed MAC addresses on my router?

        • James Bruce
          November 10, 2012 at 7:32 pm

          By simply listening to your network traffic; you don't need to be authenticated on a network in order to listen in promiscous mode. Of course, if none of your devices ever connect to the network it would be impossible to find their MAC addresses, but then what would be the point of having a network in the first place?

    • Jay Maynard
      November 10, 2012 at 9:35 am

      Bet me.

      Various tools in the Aircrack-ng suite will let me see if anything is "associated" with the router(AP or Access Point). If I really need your bssid, a deauthentication command can be sent that disconnects everything from the router, they will automatically reconnect, and during the reconnect handshake your bssid will now show up in Airodump-ng. Macchanger will allow me to change the MAC address of my wireless card to match that of the associated device, and now I'm a device on the white list. Defeating your hidden bssid and MAC filtering took about 20 seconds. Maybe. Changing my MAC to match a different device (not one of yours, just someone else's, to cover my tracks), I start Reaver, and go to my place of employment, letting it run while I'm gone. Chances are, by the time I get home, I'll have your PIN. That is, if your router has the timeout feature. If not, a computer with enough CPU speed and enough RAM, will have your PIN in minutes, probable quicker than defeating WEP.

      What this all boils down to is, if you can't completely disable WPS, you are vulnerable.

      • Knut H. Flottorp
        November 13, 2012 at 8:35 pm

        Well said - I have the same on my mobile (N900), so people can move around and crack it. It is important to let the folks know that their networks can be hacked, and in particular that the banks are told that the PIN you have to submit on the Internet bank is visible to anyone that bother.
        If you can listen-in, our message must be encrypted. Now how can you do that? Is there any routers in the market that allows for own/ proprietary encryption? How can you configure a network for this?

        Let me start by asking: Is there any access points that support bluetooth?

    • Jay Maynard
      November 10, 2012 at 9:35 am
    • Jay Maynard
      November 10, 2012 at 9:39 am

      Actually the WPS PIN is:
      4 digit PIN + 3 digit PIN + 1 digit check sum = only about 11,000 number combinations.

      • James Bruce
        November 10, 2012 at 9:43 am

        Thanks Jay. That's even worse!

    • Jay Maynard
      November 10, 2012 at 9:39 am

      Actually the WPS PIN is:
      4 digit PIN + 3 digit PIN + 1 digit check sum = only about 11,000 number combinations.

    • Jeefi
      November 13, 2017 at 4:35 am

      Not that easy...

  22. Zhong Jiang
    November 10, 2012 at 4:14 am

    If your wireless access point have been hacked, there's a log of intrusion recorded in the router and it'll signal to the user that their internet connection is compromised. It's also safe to add that people should use ethernet cord to access the web since not only is it more reliable and faster, it won't have the vulnerabilities that of a wireless access point.

    • Doc
      November 10, 2012 at 5:06 am

      Most consumers won't know there's an access log in the router, or know how to read it or what any of it means. After all, if a notification box doesn't pop up on your screen, are you going to think to look at it? (Most users won't even know how to log into their router's Admin page!)

      • Zhong Jiang
        November 11, 2012 at 5:19 am

        That's exactly the reason why they are reading this article; changing their perspective on who they share their internet connection with. The common user don't usually care for these precautions because they tend to think everything will be fine until problems arises.

      • Knut H. Flottorp
        November 13, 2012 at 8:09 pm

        Read the DHCP allocation lease-log and see if you know everyone that has been awarded a lease. But with all phones being Android-82356554654 - its not easy.

        So, use permanent allocation of IP addresses. For every new computer or phone or printer or television/stereo that access it, connect one at a time, and insert the address pair MAC/IP address as permanent. Work your way, one by one. and then tick off "Permanent IP address ONLY".

        They will then still be able to listen in and even duplicate one of your MAC addresses - but this is another fence that is difficult to cross.

  23. Yudono R.A.
    November 10, 2012 at 2:17 am

    wow.. luckily my internet connection don't use wi-fi (i use cable modem)
    i'll share it to my friends that use wi-fi fabout this info, thanks for the information

    • Doc
      November 10, 2012 at 5:02 am

      The article isn't about getting your Internet by wifi; it's about the wireless router that's inside the cable modem, or the router you've attached to the cable modem, being insecure - if you have WiFi turned on at all (to connect a PC, a laptop, a Wifi-connected TV or DVD player, or a game console), you're probably vulnerable.

  24. Jon Smith
    November 10, 2012 at 12:52 am

    nice its really annoying for my neighbors "borrowing" my wifi, I'm going to change some things now...

  25. Kaashif Haja
    November 10, 2012 at 12:49 am

    Nice Article!
    Changing my router's & modem's username and password, will it be of any help?

    • Doc
      November 10, 2012 at 5:05 am

      No, that's just for logging in and changing your router's setup; this is about the encryption keys you use to connect to the WiFi in the first place ("This wireless connection requires a security key to connect.") Apparently, the newest standard, WPA2, is still quite vulnerable in a lot of the router firmware, no matter how new or up-to-date the vendors' firmware (the operating system running inside the router) is...

    • Knut H. Flottorp
      November 13, 2012 at 7:59 pm

      YES - that is the most important security issue.
      My router has been hacked, and caused a Denial of Service where the only way out was to reload the binary image of the router, and re-instate all PC and rights. Most routers have a utility to back up this - do it.

      The next is to change username of Admin to something else, and place a password - and change the password regularly. Most routers run Linux, so block the telnet and ftp port on this, and use e.g. port 8080 for http access to manage it, and limit the interface to the LAN IP only.

  26. Craig
    November 9, 2012 at 8:28 pm

    I also implement MAC address filtering so as only allow MAC addresses registered on my router to be accepted.
    I know some smart @ss will say ' yeah but you can spoof MAC addresses', but, really, is it worth it just to get some free wifi?

    • James Bruce
      November 10, 2012 at 9:32 am

      Is the worth one line command to spoof MAC address? Sure, depends on what you're trying to achieve. Free internet is not really the concern here - you can get that in Starbucks - what is a big deal is downloading something illegal, like torrents, or worse.

      • craig
        November 10, 2012 at 3:54 pm

        James,
        In reality I think the chances of someone cracking my network password, spoofing one of my MAC addresses, living next door, just in order to possibly do something possibly illegal is about 0. I'll take my chances and not listen to the FUD, (Fear, Uncertainty and Doubt) as practiced by yourself.

        • James Bruce
          November 10, 2012 at 4:56 pm

          Well, you know your neighbours better than I do.

        • craig
          November 10, 2012 at 5:02 pm

          and, in any case any evidence of their 'illegal' activity would not be found on any of my computers.

        • James Bruce
          November 10, 2012 at 5:10 pm

          If they managed to join your network, they could easily place files into the shared directories. It wouldnt matter though. You'd already have your machines confiscated for 6 months while the authorities search them.

          I'm not arguing; the chances of all this happening are very close to zero. The point of this article was to show how insecure wifi is; not how likely it is that someone would hack you.

        • Knut H. Flottorp
          November 13, 2012 at 6:08 pm

          First it is far from illegal to itch a ride, your neighbor has the same right as you to the WLAN radio frequencies. There are just a limited number of channels available for everyone, so sharing an access point should be more the norm.
          Windows SMB - or "Samba" has a notion of "user" and allows you to implement protection. The printer and DLNA storage on your router is open to everyone. Regardless, everyone should limit access to files and network resources. Consider that all is open once it is accessible outside your wall.

        • dragonmouth
          November 13, 2012 at 1:18 pm

          Craig,
          using "security by obscurity", like you are doing, is like using the Rythm Method for family planning. Sooner or later, you become a parent. In both cases, the question is WHEN, not IF.

        • craig
          November 13, 2012 at 4:18 pm

          Dragonmouth,
          Security is all about taking measures that are appropriate for the perceived level of risk.

        • Knut H. Flottorp
          November 13, 2012 at 5:59 pm

          There is nothing you can do - he has the same right to those radio frequencies as you have, which many forgets.
          You should impose a MAC address mapping scheme, so he does not pinch your internet connection. or better sign a peace treaty and ask him to chip in on your connection fee.

          The SSID should always be readable and identify who allocates the shared resource, so that you can approach a nasty neighbor that blocks your frequency to shut up. Then your neighbour can also approach you and propose to chip in.

  27. Chuck
    November 9, 2012 at 8:24 pm

    How secure is the WiFi if one uses an permitted mac id list in addition to WPA-PSK?

  28. Anthony Monori
    November 9, 2012 at 7:59 pm

    Thanks for the tip about WPS! I'll definitely disable it.

  29. Mihovil Pletikos
    November 9, 2012 at 7:59 pm

    don't forget about openwrt.... it works also works great with many cheap routers and you can disable any wps and similar stuff :)
    btw. people should at least "configure" their wps, because if not their network is totally open and allows other people to "configure" it for them

    • James Bruce
      November 10, 2012 at 9:32 am

      Good advice; custom firmware is the only secure way to go.

  30. Anonymous
    November 9, 2012 at 7:45 pm

    Realy, your chances of being hacked (if you're using WPS-PSK) are exceedingly low. First of all you would have to worth the effort involved - and OK let's say you live next door to a geek like the rest of us that read this who has the tools and the time, then what? USE DD-WRT and if your router isn't supported but DD-WRT then BUY ONE THAT IS and secure that sucker.

    • James Bruce
      November 10, 2012 at 9:34 am

      Firstly - yep, great advice; custom firmware is far more secure and can be made invulnerable to the reaver.

      However, the reaver hack is very simple; I wrote an easy tutorial on how to test yourself. You're right in saying "chances are low", but that's not really the point.

  31. becky
    November 9, 2012 at 7:38 pm

    Some routers from cable companies don't allow you to replace the firmware

    • Achraf Almouloudi
      November 12, 2012 at 3:45 am

      I have seen some but they seem to allow, can you please tell me one that cannot update it's firmware .

  32. vk
    November 9, 2012 at 6:12 pm

    What if the router has WPS but you haven't used it to setup your WPA2-PSK security and given your own lengthy key? Is it still going to be vulnerable?

    • Muo TechGuy
      November 9, 2012 at 6:15 pm

      Yes, still vulnerable. It is activated by default, and even then some cannot be deactivated; of those that can be decactivated, some include another internal one anyway, which cannot be deactivated. Best way to tell is to try and hack your own router....

    • Achraf Almouloudi
      November 12, 2012 at 3:44 am

      Although you've never used it, if it exists and enabled then the hacker would be able to hack using it .