What are the security vulnerabilities in Wi-Fi networks and how to protect yourself?

Find out how to prevent strangers from accessing your home internet and devices connected to your router.

Find out how to prevent intruders and keep your home network secure

Every Internet user knows that you need to password protect Wi-Fi, but it takes more than that to stop network intruders. Therefore, it is important to understand what are the security vulnerabilities in the domestic connection and find out what needs to be done to avoid problems, from unauthorized access by the neighbor or even an attack by hackers who try to hijack the connected devices.

The measures, however, do not pass only to the end user, since the provider itself plays a crucial role in offering the best security to the customer, avoiding unnecessary support calls, reducing costs and protecting the brand's reputation. Next, see what are the main points of vulnerability in a home network and what you need to do to keep it safe.

Hard password combined with ease of use

Choosing the password is the first step in keeping the network secure. However, many users can spend weeks with intruders on the network before discovering that it is being shared with unauthorized persons – and, in the meantime, blame the provider for any slowdowns. Therefore, it is important to choose a strong Wi-Fi password, giving preference to unrelated combinations of birthdays, phone numbers and other publicly available personal information. In this way, it is possible to reduce the chance that a neighbor discovers the code and accesses the internet without authorization.

Difficult passwords also make it difficult for password cracking programs available on the Internet. This type of software usually works on a trial and error basis, starting with the easiest and most common combinations among users, such as dates and simple sequences of numbers. Thus, the tip is to choose passwords with uppercase and lowercase letters mixed with numerals and special characters (for example, *, !, % or @). The trick makes a forced entry much more time consuming and therefore more unlikely.

However, using a strong Wi-Fi password may not be as convenient in everyday life, especially for those who have a lot of guests at home. One of the solutions for this case is the guest network. The function offered by some routers allows you to create a new Wi-Fi network, with a different name and password, for temporary access by anyone who is not a regular user of a given network. When having friends over for a birthday, for example, it is possible to create the Wi-Fi “Aniversário do so-and-so” with the password “pArabensPRAvoce!35” and share it with guests without fear of intruders – after all, at the end of the event, just deactivate the network in the router settings.

In addition, it is possible to facilitate the use of a difficult password through some tricks involving applications, QR Codes and NFC connection. One involves the use of password vaults, applications protected by a master password that allow you to generate and store strong passwords for all sorts of services, including home Wi-Fi. When the need arises to share the password, just open the app on your cell phone, copy the code and send it to the other person.

The QR Code comes in as an extra facilitator. Instead of sending the password via WhatsApp and running the risk of having the code leaked to unauthorized people, it is possible to create QR codes that have the password embedded: download a QR Code creator app, configure it as a Wi-Fi password, print and leave it in a place visible only to those inside the enclosure. To connect, just open the cell phone's camera, point to the code and wait for the smartphone to authenticate automatically.

Finally, it is possible to adopt an even more modern and convenient solution using NFC. Through NFC tags sold in specialized stores, it is possible to use an application to configure the connection to Wi-Fi with a touch. Once prepared, the user can position the tag anywhere in the house and let visitors know that they just need to touch the phone there to enter the network. It is important to remember, however, that this option does not work for all smartphones, including the iPhone.

READ TOO: 
Is your router secure? Technical analysis of security on popular routers
UPnP Risks on the Router and Possible Solutions

Strong Wi-Fi password is essential to prevent home network intruders

The encryption protocols

The network encryption protocol is another point that deserves attention to keep the Internet at home safe. Technology refers to the encryption standard used to encrypt the user's authentication key. Depending on the sophistication of the protocol, it can be more or less prone to being broken, whether or not it puts Wi-Fi security at risk.

The WEP protocol (acronym for Wired Equivalent Privacy), for example, has fallen into disuse since 2005 and is no longer considered secure. Very common in the industry a few years ago, it has known flaws and, therefore, can pose a risk to the user if it is selected to encrypt the network password.

“The WEP protocol is very easy to break. Programs available on the Internet (web crack) manage to break it simply by sniffing the Wi-Fi, that is, simply listening to the signal traveling through other computers”, explains Gaspare Bruno, CTO of Anlix. “So, no matter how difficult the password is, the protocol used to carry out the encryption process between the two points is fundamental”, recommends the expert.

For more than a decade, however, the Wi-Fi Alliance consortium has been encouraging the use of the WPA (Wi-Fi Protected Access) protocol and, later, WPA2, which has already surpassed the first generation in adoption since 2006. One of the differences for WPA is in the use of a dynamic key system which helps to continuously check whether the encryption has been broken by an attacker. In WEP, for example, these keys were fixed, making it easier to attack. Nowadays, therefore, the user must always give preference to WPA2 over WEP, under penalty of having the Wi-Fi password easily cracked by third parties.

However, the WPA2 protocol is not failsafe. In 2017, for example, a vulnerability came to light that put the security standard to the test. O bug known as “Krack” involves reusing a one-time key provided when attempting to connect between a device and a Wi-Fi network. At the time, experts found that a hacker could exploit the flaw to bypass WPA2 encryption and snoop on network traffic. the vulnerability got fix on the same year, but the slow distribution speed of the update does not guarantee that all users have received the solution. In addition, others problems arising in 2020 at the hardware level continue to put WPA2 passwords at risk.

In this sense, the Wi-Fi Alliance has been developing since 2018 the WPA3, a new generation standard that aims to solve past problems and improve the security of home networks. The protocol employs 192-bit encryption, brings new authentication methods that avoid flaws like KRACK, and even promises to protect the connection to Wi-Fi networks without a password. Due to these characteristics, WPA3 is seen as ideal for increasing the protection of IOT (Internet of Things) devices, such as home appliances and alarm systems connected to the Internet.

Choosing the correct security protocol is essential to avoid password cracking.

Are mesh routers always more secure?

Amid the vulnerabilities already discovered in many routers, consumers can go in search of alternatives considered more secure, such as mesh routers. This equipment category is known for integrating several nodes into a single network to allow connection without blind spots in a larger environment, or with different levels. Because they are more recent, they also tend to bring modern firmware that is easier to update compared to most common routers. Mesh-type devices, however, are not vulnerability-proof.

Still in 2009, a team of researchers raised in a scientific article all the possible vulnerabilities that technology can offer. According to experts, hackers can intercept a new authentication of the user's device with a second network node when moving around the house. The process, carried out silently by mesh equipment, could give rise to a type of attack called “black hole”, in which the attacker creates false packets to imitate a valid node and invade the connection. So while it is more convenient for large homes, mesh routers are not necessarily more secure than other routers.

Provider can also be affected by intrusion into the customer's device

Using difficult passwords the easy way, choosing the right protocol, and keeping the router up to date all have clear benefits for the end user. However, from the provider's point of view, offering all these solutions can also be beneficial to ensure good service quality. This is because these measures guarantee a more protected network and, therefore, less prone to the hijacking of connected devices. Once hacked, these devices can be integrated into networks of zombie bots ready to attack a given server at the hacker's command.

Botnets are commonly used in denial of service (DoS) attacks, which, in general, aim to take down a certain website or service of a company. Such attacks are becoming common as weapons of industrial espionage, including allegedly funded by governments, in an attempt to break down the defenses of enterprise networks. In this sense, the provider that enables more security for the client's network is not only potentially reducing the demand for technical calls and improving the company's reputation among consumers, but also contributing to maintaining a healthier environment in the industry as a whole.