Skip to content

Privacy and Security on the road- Part 3 WIFI

February 3, 2016
WIFI Pineapple

WIFI has become so common now that everyone who has a computer or phone uses it regularly.  There are a number of things to keep in mind when using WIFI.

Securing your home WIFI

For your home WIFI there are three things that everyone should do:

  1. Upgrade the firmware on the Wireless Router.  This should be done semi regularly (about once to twice a year).  As the device gets older it is less likely that updated firmware will be created.  This can present a risk in the future as it is common for hardware vendors to simply stop caring about a device after 6 months to a year after it is sold.
  2. Changing the admin password on the Wireless Router should be done on every new Router.  Normally routers will ship with a generic password, one that can easily be found doing a quick google.  Someone having your admin password can login remotely (sometimes from the internet or from your WIFI) and change settings like add a new WIFI network with no security.
  3. Make your WIFI Pre Shared Key as secures as possible.  This is the password anyone has to put in to actually use your WIFI.   Make sure you disable WPS if your router has it, this protocol can be cracked in minutes.  WEP is also very insecure and should never be used.  The only secure protocol is WPA and even some configurations of WPA are not as secure as others.  Choose WPA2 as opposed to WPA with AES encryption as opposed to TKIP encryption.  WPA2-AES does not currently have any known vulnerabilities in it.  Also like a regular password, the Pre Shared Key should be complex.  You only have to put it into a device once, so make it long and complex so it cannot be easily cracked (see the previous post on passwords).

Using public WIFI

Using public WIFI does bring some inherent risk, but there are some things you can do to protect yourself.  But remember you get what you pay for, free is free not free and secure.

Normally when you use free WIFI the first time, your phone or laptop will store the WIFI settings for the Starbucks you are at so next time you show up at a Starbucks anywhere in the world, your device will automatically connect for you.  This provides both convenience and huge risk.

The convenience is that you only have to attach to their network once, after that it happens like magic the next time.  However whenever you add a WIFI network to your device like the Starbucks network to your phone, your phone will forever constantly broadcast out saying “Starbucks are you there for me to connect to?”.  It will send these broadcasts out every few seconds no matter where you are.  The problem is that there is no way to prove that a network called “Starbucks” is owned by Starbucks, so what happens if I create an open free network called Starbucks at my house, well any device that has ever connected to a Starbucks WIFI network will connect to my home network whenever they are in range.  You may thing this is actually convenient but it is actually a huge security risk, as all your private information including passwords would be passed across my network.  I could then sniff and see this information.  Maybe this is not an issue for my friends and family as they may trust me.   The problem is that it is exceptionally easy for a hacker to “spoof” a legitimate WIFI network so your device will connect to it without you knowing and then they would start watching the data and capturing passwords.  There is even a tool that makes this process so stupid simple a high school kid could do it using a WIFI Pineapple.   This is called a Man in the Middle Attack, where someone pretends to be a legitimate WIFI network like Starbucks, lest you connect to them, and then passes you thru to the real WIFI network and watches all your data flow past basically like a phone wire tap.  Imagine creating a fake Starbucks network at the main train/subway station downtown during rush hour, or at a hockey game or at the RV show?  You would get thousands (possibly tens of thousands) of people connecting to your fake network and letting their data flow thru past your prying eyes.

So what can you do to protect yourself on a public WIFI network:

  1. the simplest thing is do not connect if you really do not need to
  2. if you do need access, try to avoid doing anything sensitive like internet banking
  3. if you do need to do something sensitive use a VPN service to encrypt your data so a Man in the Middle Attack cannot see the data and steal any of it (see more on this topic in the next post)
  4. When using public WIFI be sure the one you connect to is the one you think it is.  Also check the certificates in your browser for any site you visit to ensure the certificate matches the site.  If you go to Bank of America, the certificate should say Bank of America on it and it should not be expired or come up as invalid.
  5. this is probably one of the easiest steps to protect yourself but one that almost everyone refuses to do.  When you are done using the Starbucks WIFI, before you leave, Forget the network.  When you Forget the network, your phone will not be constantly shouting out saying “Starbucks are you nearby for me to connect to?”.   You should forget any common public WIFI network every time you finish using it, like McDonald’s, Starbucks, the KOA, or your local library.

Part 4 VPN’s

From → RV Tech

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: