How many Wi-Fi signals are there in your immediate vicinity? If you live on a terrace, you might see 10 individual SSIDs. How about an apartment block? Wi-Fi signals are broadcast throughout the building, up and down, in and out. In fact, there is a good chance your internet speed is being negatively affected through this cacophony of wireless signals.
There is another issue here, too. If your Wi-Fi SSID is being broadcast to the surrounding houses and your security is lacklustre, there is a chance your internet is being stolen.
Here’s how you lock them out.
Check Your Router
Your first port of call is your router. If a neighbor is stealing your precious bandwidth their activity will appear in your router. Unfortunately, not every router contains or grants access to this information.
Log in to your router by typing its IP address directly into your browser. For the vast majority of routers this can be achieved by typing either 192.168.0.1, 192.168.1.1, or 192.168.1.254. The router IP address is sometimes printed on the router itself, along with the username and password needed to login. If all else fails, here is a list of common router addresses.
Once logged in, search for a section called Attached Devices or Device List. On a DD-WRT-flashed router this section appears under Status > Wireless. Once you find the page, check the connected devices. I’ve posted the current wireless connections to my own router below. I can account for every device.
If you cannot, you’ve got an intruder. There should be an option to remove, delete, or block the device from connecting to your router.
Change the Default Admin Password
Your router came with a default admin username and password. This should be one of the first things you change.
There are numerous websites that allow you to search for default login credentials by router model. This is clearly a risk, so change the admin password via your router’s web page.
Check Your Security Settings
The thief has a way through your security settings. This, on the presumption that you have enough security to keep someone out. Some routers automatically create a connection for you. They might not use the strongest security settings available.
Goodness knows why they wouldn’t, but it certainly happens.
You must absolutely use the WPA2 encryption standard to protect your password. If you’re currently using WEP, stop right now! WEP is the oldest, least-secure way to protect your Wi-Fi. WEP is about as useful as a chocolate teapot: it is very easy to crack and will only keep out the most casual of casual users.
Your router will support the much stronger WPA2 security standard. While it isn’t perfect, it will deter all but the most desperate.
Hide Your SSID
This might help in dense concentration of network signals. Your SSID — the name of your Wi-Fi network — will not be broadcast to the surrounding area. However, anyone can use freely available hacking tools such as Backtrack to reveal it immediately.
Alternatively, rename your SSID to something terrifying.
Turn Off WPS
The Wi-Fi Protected Setup (WPS) is another potential vulnerability that can be exploited to gain access to your internet. WPS is susceptible to an online brute-force attack when using a PIN to validate new connections. The issue stems from how the PIN is processed.
Turn off WPS on secure WiFi. Most of the secured WiFi are also hackable via WPS. Also disable WiFi broadcast & thn stop crying on high bills https://t.co/5NzLilC39g
— Atul kumar (@_AtulKumar_) January 2, 2017
The PIN is an eight-digit number. When a new computer attempts to access the connection using a PIN, it is checked for validity… in two halves. Cutting the number in half drastically reduces the number of guesses needed to recover the PIN. This is further reduced since the second half of the PIN only has three active digits, reducing the number of combinations to 1,000.
When a new computer attempts to access the connection, a PIN is created. The PIN consists of eight-digits. The validation process checks the first and second halves of the PIN as separate entities. Furthermore, the second half has only three active digits. Consequently, the first four digits have 10,000 combinations, the second (reduced) three digits have 1,000, resulting in a miserly 11,000 potential PIN combinations.
The tool originally created to exploit this vulnerability was sold for a cool $1.5 million. Since then the Reaver exploit has become widespread. Kali Linux users will be familiar with Bully, another WPS-hack tool included with the security-focused Linux distribution.
Passphrase vs. Password
How is your memory? Remembering a stack of strong, unique passwords is extremely difficult. I can remember 10–20 on a really good day, and probably after a strong coffee. Luckily, your device will remember your password. All you have to do is change it to something memorable. The password becomes stronger with each unique character.
Consider, though, an alternative: a passphrase. A passphrase is as it sounds. Instead of combining a really difficult-to-remember set of characters, you can create a much longer passphrase in its place. A passphrase has infinitely more characters, and can still include a few misnomers to throw off a potential hacker. Here is an extremely relevant XKCD:
There really is an XKCD for everything. But it does illustrate the beauty of using a passphrase over a password. Your neighbor cannot possibly know this, so use one.
Misnomer: MAC Address Filtering
Your laptop, your phone, your tablet, and even your router has a unique MAC address. Don’t know what it is? Here’s how you can find out. It can be used to identify specific gadgets throughout your home, as well as the device of a neighbor piggybacking on your internet. MAC filtering is easy to setup.
Unfortunately, it is trivially easy to change or spoof a MAC address. You could identify the specific MAC address used by your neighbor, and block it, only to find them back online.
The spoofing is an issue, too.
If they can connect to your Wi-Fi, there is a chance they’ve noted the MAC addresses of your devices. This would render a proactive whitelist approach somewhat useless as the thief could spoof the MAC of a whitelisted device.
Finally, each time you want to connect a new device to your network, you’ll have to find the MAC address and add it to the filtering system.
Keep an Eye on It
It is extremely easy to keep a close eye on what is connected to your router using your smartphone. We suggest Fing – Network Tools. The free application is available for both iPhone and Android devices.
Fing lists each device currently connected to the same Wi-Fi network as you, and displays a handy range of information. You can add specific information relating to your devices to keep track of them.
Lock It Down!
In all seriousness, the biggest and easiest thing you can do right now is ensure you’re using WPA2 with a strong password or passphrase. If someone is looking to leech your internet, they’re highly likely to be deterred by this combination.
Unless you’re guarding Satoshi Nakamoto’s Bitcoin stash or the Colonel’s Original Recipe, this combination should keep all but the most ardent hackers out of your Wi-Fi, and out of your life.
Have you found a Wi-Fi thief pilfering your bandwidth? How did you realize? What did you do to stop them? Do you have any tips for our readers? Let us know your experiences below!
Image Credits: Luis Molinero/Shutterstock