By Gavin Phillips
How many Wi-Fi signals are there in your immediate vicinity? If you live on a terrace, you might see 10 individual SSIDs. How about an apartment block? Wi-Fi signals are broadcast throughout the building, up and down, in and out. In fact, there is a good chance your internet speed is being negatively affected through this cacophony of wireless signals.
There is another issue here, too. If your Wi-Fi SSID is being broadcast to the surrounding houses and your security is lacklustre, there is a chance your internet is being stolen.
Here’s how you lock them out.
Check Your Router
Your first port of call is your router. If a neighbor is stealing your precious bandwidth their activity will appear in your router. Unfortunately, not every router contains or grants access to this information.
Log in to your router by typing its IP address directly into your browser. For the vast majority of routers this can be achieved by typing either 192.168.0.1, 192.168.1.1, or 192.168.1.254. The router IP address is sometimes printed on the router itself, along with the username and password needed to login. If all else fails, here is a list of common router addresses.
If you cannot, you’ve got an intruder. There should be an option to remove, delete, or block the device from connecting to your router.
Change the Default Admin Password
Your router came with a default admin username and password. This should be one of the first things you change.
There are numerous websites that allow you to search for default login credentials by router model. This is clearly a risk, so change the admin password via your router’s web page.
Check Your Security Settings
The thief has a way through your security settings. This, on the presumption that you have enough security to keep someone out. Some routers automatically create a connection for you. They might not use the strongest security settings available.
Goodness knows why they wouldn’t, but it certainly happens.
Your router will support the much stronger WPA2 security standard. While it isn’t perfect, it will deter all but the most desperate.
Hide Your SSID
Alternatively, rename your SSID to something terrifying.
Turn Off WPS
The Wi-Fi Protected Setup (WPS) is another potential vulnerability that can be exploited to gain access to your internet. WPS is susceptible to an online brute-force attack when using a PIN to validate new connections. The issue stems from how the PIN is processed.
The PIN is an eight-digit number. When a new computer attempts to access the connection using a PIN, it is checked for validity… in two halves. Cutting the number in half drastically reduces the number of guesses needed to recover the PIN. This is further reduced since the second half of the PIN only has three active digits, reducing the number of combinations to 1,000.
When a new computer attempts to access the connection, a PIN is created. The PIN consists of eight-digits. The validation process checks the first and second halves of the PIN as separate entities. Furthermore, the second half has only three active digits. Consequently, the first four digits have 10,000 combinations, the second (reduced) three digits have 1,000, resulting in a miserly 11,000 potential PIN combinations.
Passphrase vs. Password
How is your memory? Remembering a stack of strong, unique passwords is extremely difficult. I can remember 10–20 on a really good day, and probably after a strong coffee. Luckily, your device will remember your password. All you have to do is change it to something memorable. The password becomes stronger with each unique character.
Consider, though, an alternative: a passphrase. A passphrase is as it sounds. Instead of combining a really difficult-to-remember set of characters, you can create a much longer passphrase in its place. A passphrase has infinitely more characters, and can still include a few misnomers to throw off a potential hacker. Here is an extremely relevant XKCD:
There really is an XKCD for everything. But it does illustrate the beauty of using a passphrase over a password. Your neighbor cannot possibly know this, so use one.
Misnomer: MAC Address Filtering
Unfortunately, it is trivially easy to change or spoof a MAC address. You could identify the specific MAC address used by your neighbor, and block it, only to find them back online.
The spoofing is an issue, too.
If they can connect to your Wi-Fi, there is a chance they’ve noted the MAC addresses of your devices. This would render a proactive whitelist approach somewhat useless as the thief could spoof the MAC of a whitelisted device.
Finally, each time you want to connect a new device to your network, you’ll have to find the MAC address and add it to the filtering system.
Keep an Eye on It
Fing lists each device currently connected to the same Wi-Fi network as you, and displays a handy range of information. You can add specific information relating to your devices to keep track of them.
Lock It Down!
Unless you’re guarding Satoshi Nakamoto’s Bitcoin stash or the Colonel’s Original Recipe, this combination should keep all but the most ardent hackers out of your Wi-Fi, and out of your life.
Have you found a Wi-Fi thief pilfering your bandwidth? How did you realize? What did you do to stop them? Do you have any tips for our readers? Let us know your experiences below!
Image Credits: Luis Molinero/Shutterstock Source: www.makeuseof.com