Wi-Fi is a fundamental part of most people’s home internet setups. However, for how important it is, we rarely think about how secure our Wi-Fi setups are. Routers provided by an ISP tend to work straight out of the box, so it’s easy to just plug it in and assume the Wi-Fi settings you’re using are good enough.
That might hold true most of the time, but there are a couple of huge security holes in Wi-Fi you should be aware of before you connect your shiny new Wi-Fi-enabled router to the internet. We’ve put together a quick primer explaining how home Wi-Fi works and the pitfalls you need to look out for if you want to improve your Wi-Fi security.
How your home Wi-Fi works
Understanding exactly how Wi-Fi works will give you a better idea of how you can make yours more secure, so let’s quickly go over how Wi-Fi connects your devices to the internet.
When you sign up with an ISP, you’ll usually be sent a Wi-Fi router with a modem built into the same device. The modem handles communication with the outside internet through your ISP, while the router sends traffic back and forth between each device on your network, including the modem.
On a Wi-Fi-enabled router, the Wi-Fi access point sends data by broadcasting it as a radio wave. Any Wi-Fi-enabled device that’s connected to the network can receive these radio signals and decode them back into packets of network traffic that the device can then process.
The secure shortlist
Looking to supercharge your digital privacy? Check out our guide to today’s best VPNs, based on our own, hands-on, in-house testing.
To send information to other devices or out to the internet, the Wi-Fi-enabled device transmits radio waves that the Wi-Fi access point receives and decodes for the router. The router then sends data back to the receiving device, just the same as if it had received traffic from a wired device.
This back-and-forth of radio waves is how a Wi-Fi-enabled device sends and receives data from websites, making internet access seamless without the need to physically connect to a router.
Of course, it’s pretty convenient to be able to connect a new device to the internet without having to figure out new Ethernet cabling or huddling by the router. However, that convenience comes with some extra security considerations. Radio waves don’t stop at your home’s boundaries. In fact, if you open up a Wi-Fi device right now, you’re quite likely to see a bunch of Wi-Fi access points from other homes and businesses.
That’s where encryption comes into play. While a Wi-Fi access point can be configured so that anyone can connect to it, most routers come pre-configured with secure encryption protocols, which make Wi-Fi at least somewhat secure by default. Basically, before the radio waves leave the Wi-Fi access point, they’re encrypted using a secret that the device being communicated with also knows.
This scrambles the data while it’s being transmitted through the air, so even if another person was listening with a Wi-Fi-enabled device for the traffic being sent through your Wi-Fi network, all they would see is meaningless gibberish. To decrypt this traffic, you need to know a shared secret, which is usually a password but can also be a private key.
The Wi-Fi weak points
When Wi-Fi is configured properly, it’s secure enough to handle all of your private information. The only way to be sure that your Wi-Fi setup is up to scratch is to be aware of the possible security pitfalls from an insecure setup, so we’ve outlined some of the common problems with Wi-Fi.
When you set up a Wi-Fi network, you have the choice of using one of several different protocols for security. The biggest issue with Wi-Fi is that not all security schemes it supports are actually secure.
Let’s take WEP, for instance. WEP is vulnerable to several well-documented decryption attacks, which allow a hacker to essentially pluck your Wi-Fi password out of the air if they wait long enough. You aren’t likely to come across a router secured by WEP if you receive a new one from your ISP, but if you’re buying an older router second-hand, it may still be configured to use WEP.
Needless to say, you shouldn’t be using WEP. It’s better than no security at all, but even a basic attacker can break into a network secured by WEP. WPA1 isn’t much better, either. WPA1 is a replacement for WEP that uses TKIP as its encryption scheme, which is now also considered insecure and outdated.
You should also check whether your router comes with a unique username and password combination or a generic one. If it’s something like “admin/admin”, it’s very likely that the default credentials are posted on the internet. While a hacker is unlikely to be able to take advantage of that information over the internet, if they have physical access to the device, it’s trivial to log in and start changing settings on the router.
Thinking about the other devices on your network is just as important as securing your router, too. IoT devices are notorious for having poor security, especially budget smart devices. Some use weak default passwords, others don’t enforce authentication at all, and most have some combination of Wi-Fi and Bluetooth tech baked in. These devices can increase the attack surface for a hacker sniffing out vulnerable Wi-Fi networks, so
So, why does keeping your Wi-Fi network secure even matter? After all, most of the internet traffic you send over the internet is encrypted by SSL anyway. Well, just because your web traffic is encrypted doesn’t mean all of the protocols you use are. Giving a hacker a foothold inside your network means they can monitor all of the traffic being sent between your devices, waiting for an unencrypted password to be sent.
If an attacker is able to access your router’s admin settings too, they can launch a range of attacks to take over your other devices. For example, they might use techniques like DNS hijacking to download malware on your main device or redirect you to a phishing site.
How you can improve your home Wi-Fi security
While there’s a lot to lose if your Wi-Fi security isn’t set up properly, you can significantly improve your defenses with just a few quick checks. We’ve outlined the key actions you should take below if you’re worried about your home Wi-Fi security:
- Change your router’s default login credentials: Your router will come with login details for the admin panel, either in the packaging or on the router itself. As a precaution, it’s worth accessing the admin panel while you’re setting your router up and changing the default login username and password.
- Enable WPA2 or WPA3 encryption: These protocols are necessary to keep your local network traffic private. If you’re only using WPA1 or WEP on your Wi-Fi router, you should either set up WPA2 or WPA3 immediately or upgrade to a router that supports WPA2 at least.
- Enable a router firewall: Some routers include a built-in firewall, which you can use to keep hackers from accessing your network from the internet. Check your router settings to see if it’s on by default, and if it’s off, it’s time to turn it on.
- Hide your SSID: Turning the SSID broadcast off will stop your network from turning up in the list of available networks on most devices. While this hides your network from casual attackers, determined hackers can still detect your Wi-Fi network. You’ll also need to enter your SSID manually when enrolling new devices onto the network.
- Disable remote administration: If your router has any features that allow you to access its settings from outside of the local network, you should disable them. It’s unlikely you’ll need this functionality, whereas for attackers, it’s an additional attack vector that could potentially be exploited.
- Keep your router software updated: It’s a chore, but you should make sure that your router’s firmware is up to date. If there’s an option for automatic updates, turn it on. Otherwise, you’ll need to regularly check in with your manufacturer’s website to see if there are any updates available.
- Use a VPN: Most of the advice we’ve offered here is on the basis that you have the ability to configure your own personal router. However, if you’re using a router you can’t control or you’re on public Wi-Fi, it’s best to have an extra layer of security in place. The best secure VPNs encrypt your traffic before it leaves your device, so even if an attacker can monitor your local network traffic through Wi-Fi, they won’t be able to read anything.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
