WiFi, as secure as it is claimed to be in modern times, is still a widely targeted network type. There are various vulnerabilities still at large in WiFi protocols that allow intruders to get inside networks easily.
One of the most common intrusion methods is WPA Handshake capture. In this method, an attacker intercepts network packets and tries to fish out the network password from them.
The way these attack works is as follows. The attacker first sends a deauthentication packet to the WiFi beacon (or router). This packet disconnects all devices from the WiFi, and the user has to reconnect.
When a device is reconnected, it sends out a WPA handshake packet. This package contains vital information such as the password and several other parameters used to authenticate the client.
The attacker intercepts this package and uses a variety of attacks to find out the password from this packet. The most common method is brute forcing.
Brute forcing is essentially trying out passwords until one matches the packet. Passwords are fetched from word lists that contain thousands of passwords accumulated by hackers over the years.
How to keep your WiFi network safe?
Now that you know how easy it might be to hack a WiFi network, here are a few tips to help you keep it safe
Change the default router password
Seems pretty obvious right? Wrong.
A lot of people tend to overlook this tiny detail. The default password on most routers remains unchanged. An attacker can leverage this vulnerability and can change your router settings without your knowledge.
Don’t broadcast your WiFi SSID
When a WiFi SSID is publicly broadcasted, it becomes easy for attackers to detect it. Hiding your WiFi SSID can make your WiFi undetectable to attackers.
Note that there are ways using which these attackers can find your hidden SSID but regardless, it adds an extra step.
Also read: WiFi 6 (802.11ax) – The Next Big Thing?
WPA stands for WiFi Protected Access.
If you notice carefully, you’ll find a small button behind your router labelled ‘WPA’. What this button does is authenticate any client who’s trying to connect to your WiFi — a big no-no from a security perspective.
Most WiFis are secured by WPA-PSK encryption by default.
WPA2-PSK is an enterprise-grade security protocol for WiFi which has its own added benefits. Using this protocol, every client gets their own set of username/password combo. So if one client shows suspicious activity, you could just revoke their access to the router.
Use a separate network for guests
Most household routers can run at least two SSIDs simultaneously.
You can use this feature to create a separate SSID for guests or visitors to connect. This way, you can separate outside network traffic from your own eventually keeping your devices on a separate network.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.