Wi-Fi security has long been a concern due to the wireless nature of access. With wired networks such as Ethernet, a hacker needs physical access to the equipment. With Wi-Fi, attacks can be launched from anywhere in the vicinity where the signal can be picked up. It's therefore important not only to control who is allowed to get into a Wi-Fi network but also to protect all data that's being exchanged over the network. With the coming of IoT, Wi-Fi security is likely to be more important than ever before.
Attacks on Wi-Fi can be passive, such as sniffing the radio channels to pick up useful information. They can also be active, such as a rogue device impersonating an authentic access point or client. Wi-Fi security needs to address all these aspects.
What does security mean in the context of Wi-Fi?
Wi-Fi security can be seen in two aspects:
- Authentication: This controls who is allowed to log into the network. Wi-Fi clients have to provide the right credentials to connect to an access point (AP). This is usually a password but more sophisticated methods are possible using Extensible Authentication Protocol (EAP) and IEEE 802.1X. A Wi-Fi password is also called a passphrase or Network Security Key. From the perspective of authentication, a client is also called a supplicant.
- Encryption: Data is encrypted so that others cannot read it.
Authentication and encryption are sometimes called "security" and "privacy" respectively. These are implemented at the MAC layer, meaning that protection is only between the client and the access point. What's also important is end-to-end security. Keeping your data and network secure usually involves more than just Wi-Fi. Security protocols can be employed at different layers. IPsec protects data at the IP layer. TLS and SSL protect data at the transport/session/application layers. SSH protects data at the application layer. For browsing webpages in a secure manner, HTTPS relies on SSL/TLS. In addition, firewalls, VPNs and anti-virus software can be used.
What steps can I take to secure my Wi-Fi network?
The following are best practices for a secure Wi-Fi network:
- A Wi-Fi router or access point will come with a default SSID and password. Change these to non-default values. Use a strong password.
- Periodically change the network password.
- Enable encryption. The use of WPA2-AES is recommended. Use a Wi-Fi CERTIFIED product since it's certified for WPA2 support.
- Since WPS is a security risk, disable this feature completely.
- Router manufacturers often release updates including security enhancements or patches. Update your router with the latest firmware releases.
- Allow administrative web access to your router via HTTPS and block HTTP access. Disable wireless admin access. In addition, disable remote management, so that settings can be changed only by someone with physical access to the router. Change admin credentials to non-default values. Use a strong admin password.
- Restrict the signal to within your house by using anti-Wi-Fi paint.
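The encryption and WPS items in the list above can be checked from a scan of the networks in range. The following is an added example, not part of the original article: it assumes scan text shaped like the output of `iw dev <ifname> scan`, and the sample scan and the function name `audit_scan` are constructed for illustration.

```python
import re

# Constructed sample, modelled on the text output of `iw dev <ifname> scan`.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: home-net
    RSN:  * Version: 1
          * Pairwise ciphers: CCMP
          * Authentication suites: PSK
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: legacy-net
    WPA:  * Version: 1
          * Pairwise ciphers: TKIP
    WPS:  * Version: 1.0
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: old-printer
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS (0x0001)
    SSID: cafe-guest
"""

def audit_scan(text):
    """Map each SSID in the scan text to a list of findings (empty = OK)."""
    report = {}
    for block in re.split(r"\n(?=BSS )", text.strip()):
        def has(pattern):
            return re.search(pattern, block, re.MULTILINE) is not None
        ssid = re.search(r"^\s*SSID: (.*)$", block, re.MULTILINE)
        name = (ssid.group(1).strip() if ssid else "") or "<hidden>"
        findings = []
        if not has(r"^\s*capability:.*\bPrivacy\b"):
            findings.append("open: no encryption")
        elif not has(r"^\s*(RSN|WPA):"):
            # Privacy bit set but no WPA/RSN element: the network is WEP.
            findings.append("WEP")
        elif not has(r"^\s*RSN:"):
            findings.append("WPA only: no WPA2")
        if has(r"Pairwise ciphers:.*\bTKIP\b"):
            findings.append("TKIP enabled: use AES (CCMP) only")
        if has(r"^\s*WPS:"):
            findings.append("WPS advertised")
        report[name] = findings
    return report
```

Calling `audit_scan(SAMPLE_SCAN)` returns an empty list for the WPA2-AES network and one or more findings for each of the others.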
What are some myths about Wi-Fi security?
The following are commonly suggested measures that are regarded as myths:
- Disable broadcast of SSID to prevent casual folks from trying to connect to your access point.
- Configure access point to allow connections from a whitelist of known clients. This is usually specified with client MAC address.
- Disable DHCP and allocate IP addresses to a limited range.
- Reduce the range of the Wi-Fi signal. A hacker will probably use a higher-gain antenna anyway.
What precautions can I take to secure my Wi-Fi client and its data?
The following are recommended:
- Don't allow automatic connections to open Wi-Fi access points. These access points are potentially dangerous. In other words, enable WPA2 security, or configure the client to prompt the user for approval before connecting.
- Disable clients from sending out probes looking for an available access point.
- If a client has highly sensitive data, you can allow it to connect only to a whitelist of access points.
- Disable sharing of your connection to other devices nearby, particularly when using a public AP.
- Use a VPN so that data is always encrypted before it leaves your device. This way, a rogue AP will be rendered useless even if Wi-Fi connection has been compromised.
Which security protocol should I choose?
You should use the latest standards, WPA3-Personal or WPA3-Enterprise. On older devices, use Wi-Fi Protected Access II (WPA2) together with Advanced Encryption Standard (AES). For home or personal use, use WPA2-PSK, where PSK implies pre-shared key (usually called password). WPA2-Enterprise is used when the network supports additional methods of authentication. Wi-Fi Alliance has branded IEEE 802.11i as WPA2. WPA may be seen as a partial implementation of IEEE 802.11i.
Historically, Wi-Fi security protocols include WEP (Wired Equivalent Privacy), WPA, WPA2 and WPS (Wi-Fi Protected Setup). WEP and WPS are no longer secure. WPA was designed to replace WEP on old device hardware.
Encryption methods and integrity checks are also important. WEP uses the RC4 stream cipher for encryption and CRC32 for integrity check. WPA uses RC4 (or AES if supported by device) but enhances it with Temporal Key Integrity Protocol (TKIP); and it uses a 64-bit Message Integrity Check (MIC) named MICHAEL. WPA2 uses AES, which is secure. More accurately, an AES-based protocol named CCMP is used.
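How the WPA2-PSK passphrase mentioned above becomes the actual 256-bit pre-shared key, as an added example that is not part of the original article. It uses the mapping defined in IEEE 802.11i (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations); the function names `wpa2_psk` and `keys_for_ssids` are chosen here for illustration.

```python
import hashlib

def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2 pre-shared key from a passphrase and SSID.

    IEEE 802.11i maps the passphrase to the key with PBKDF2-HMAC-SHA1,
    using the SSID as the salt and 4096 iterations.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def keys_for_ssids(passphrase: str, ssids):
    """Return {ssid: key hex} to show how the SSID changes the derived key."""
    return {s: wpa2_psk(passphrase, s).hex() for s in ssids}

if __name__ == "__main__":
    # Test vector from the IEEE 802.11i passphrase mapping annex.
    print(wpa2_psk("password", "IEEE").hex())
    # Same passphrase, different SSIDs: the keys differ because the SSID is the salt.
    for ssid, key in keys_for_ssids("correct horse battery", ["default", "my-home-7f3a"]).items():
        print(ssid, key)
```

Because the SSID is the only salt, two networks that share both a default SSID and a passphrase end up with the same key, which is one reason to change both.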
Are there any known vulnerabilities with WPA2?
In October 2017, "key reinstallation attacks (KRACKs)" were used successfully to read sensitive information previously assumed to be encrypted. This was not merely an implementation bug but a flaw in the WPA protocol itself. When a client wants to join a Wi-Fi network, it does a handshake that includes initialization of cryptographic keys. In this attack, the client can be tricked into reusing existing keys as well as resetting counters to their initial values.
The impact of KRACK may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. Vendors are known to provide updated firmware that fixes the KRACK vulnerability.
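Why reusing a key with a reset counter breaks confidentiality, shown on a toy model; this is an added example, not part of the original article or of any vendor's code. Assumptions: a SHA-256 keystream stands in for CCMP's AES counter mode so the block runs on the standard library, the key and payloads are constructed, and the patched behaviour (ignoring reinstallation of a key already in use) is a simplification of real fixes.

```python
import hashlib

KEY = bytes(range(16))            # constructed session key
P1 = b"first frame payload"       # constructed plaintexts, equal length
P2 = b"other frame payload"

def keystream(key: bytes, pn: int, n: int) -> bytes:
    """Stand-in for AES counter mode: the keystream depends only on (key, pn)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Toy model of the key state a Wi-Fi client keeps after the handshake."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0               # packet number: must never repeat under one key

    def install_key(self, key: bytes) -> None:
        # Runs each time handshake message 3 is accepted, retransmissions included.
        if self.patched and key == self.key:
            return                # hardened: key already in use, keep the counter
        self.key, self.pn = key, 0

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def replay_handshake(patched: bool):
    """Send a frame, accept message 3 a second time, send another frame."""
    c = Client(patched)
    c.install_key(KEY)
    f1 = c.send(P1)
    c.install_key(KEY)            # retransmitted message 3
    f2 = c.send(P2)
    return f1, f2

def leaks_plaintext_xor(patched: bool) -> bool:
    """True if both frames used the same counter, so c1 XOR c2 == P1 XOR P2."""
    (pn1, c1), (pn2, c2) = replay_handshake(patched)
    return pn1 == pn2 and xor(c1, c2) == xor(P1, P2)
```

`leaks_plaintext_xor(False)` is true because the keystream cancels out of the two ciphertexts, while the patched client keeps counting and the frames stay independent.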
What is WPS and should I use it?
Wi-Fi Protected Setup (WPS) was introduced into the Wi-Fi standard to simplify the setup process. Rather than entering long passwords, an 8-digit PIN is used to connect a client to the access point. WPS offers a few different methods, which require either physical or admin access to the devices. The 8-digit PIN is usually printed on the device hardware, be it client or router or both.
The use of WPS is not recommended. Vulnerabilities in WPS were discovered in 2011 and a brute force attack is enough to break it. A simple explanation of how this attack works is given by Paul Ducklin. In one case, the attack succeeded in just six hours.
Can you name some well-known attacks on or using Wi-Fi networks?
In 2003, an open Wi-Fi network of Lowe's became the entry point for two hackers. They accessed servers across seven US states and crashed a PoS system. In 2004, BJ's was hacked and credit card numbers were stolen. This was due to unencrypted networks and use of default credentials. BJ's incurred legal costs of about $10 million. In 2005, GE Money in Finland lost 200,000 Euros due to an unprotected Wi-Fi. In 2007, hackers exploited WEP's weaknesses and stole credit card numbers from Marshalls department store in St. Paul, Minnesota.
What tools or products exist to snoop a Wi-Fi network or audit its security?
For scanning the airwaves for 802.11x traffic, we have Wireshark, inSSIDer, Kismet, Pwnie Express Pwn Pro, and Netstumbler. Airsnarf is one tool to impersonate an access point. Airpwn can be used to inject packets at the access point and fool the client. Airsnort and Aircrack are for attacking WEP. To simply jam the radio spectrum, Wave Bubble is one device. Aircrack and coWPAtty can be used to attack WPA. To spoof a MAC address, Nmap and MAC Shift are handy. To detect unauthorized access in your network, AirSnare is useful. Default passwords for well-known products are listed publicly.
- Agarwal, Amit. 2014. "How to Secure Your Wireless (Wi-Fi) Home Network." Digital Inspiration. August 7. Accessed 2017-06-18.
- Brooks, Stan. 2007. "Wireless Security in an Education Environment." Emory University. Accessed 2017-06-21.
- CIRT.net. 2017. "Default Passwords." Accessed 2017-06-21.
- Cimpanu, Catalin. 2019. "Dragonblood vulnerabilities disclosed in WiFi WPA3 standard." ZDNet, April 10. Accessed 2019-05-04.
- Crane, Joel. 2017. "Wi-Fi Security Types." Metageek Support. February. Accessed 2017-06-21.
- Ducklin, Paul. 2014. "Using WPS on your Wi-Fi router may be even more dangerous than you think." Naked Security. September 2. Accessed 2017-06-18.
- Ducklin, Paul. 2015. "We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!" Naked Security. April 13. Accessed 2017-06-18.
- Eddy, Max. 2016. "First Look at a Wi-Fi Attack Happening at Black Hat Right Now." PCMag India. August 4. Accessed 2017-06-18.
- Gallagher, Sean. 2012. "Hands-on: hacking WiFi Protected Setup with Reaver." Ars Technica. January 5. Accessed 2017-06-18.
- Geier, Eric. 2013. "5 Wi-Fi security myths you must abandon now." PC World. October 7. Accessed 2017-06-18.
- Griffith, Eric. 2016. "12 Ways to Secure Your Wi-Fi Network." PCMag India. October 14. Accessed 2017-06-18.
- Haines, Brad. 2017. "Wireless Security - What Were They Thinking?" June 19. Accessed 2017-06-21.
- Hoffman, Chris. 2014. "Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both?" How-To Geek. December 12. Accessed 2017-06-18.
- ICO UK. 2017. "Wi-Fi security." Accessed 2017-06-18.
- John. 2010. "WEP, WPA, WPA2, TKIP, AES, CCMP, EAP." The Cisco Learning Network. February 27. Accessed 2017-06-21.
- Kauffman, Lucas. 2013. "WiFi security: history of insecurities in WEP, WPA and WPA2." IT Security Stack Exchange Blog. August 28. Accessed 2017-06-21.
- Linksys WRT54G Firmware. 2012. "How to Secure Linksys Router WRT54G." Linksys WRT54G Firmware Blog. December 20. Accessed 2017-06-18.
- Microchip. 2018. "VU#228519 - Wi-Fi Protected Access II (WPA2) Vulnerabilities." Accessed 2018-04-18.
- RE-BiT. 2015. "6 WiFi Security Tips to Stay Safe on Public Networks." Re-Bit Technology. April 7. Accessed 2017-06-21.
- Thubron, Rob. 2018. "WPA3 protocol will make public Wi-Fi hotspots a lot more secure." TechSpot, January 9. Accessed 2018-03-03.
- Vanhoef, Mathy. 2017. "Key Reinstallation Attacks." Accessed 2017-10-17.
- Viehböck, Stefan. 2011. "Brute forcing Wi-Fi Protected Setup." December 26. Version 3. Accessed 2017-06-18.
- Wi-Fi Alliance. 2017. "Discover Wi-Fi: Security." Accessed 2017-06-18.
- Wi-Fi Alliance. 2018. "Wi-Fi Alliance® introduces Wi-Fi CERTIFIED WPA3™ security." Wi-Fi Alliance, June 25. Accessed 2018-06-27.
- Wikipedia. 2017. "Wi-Fi Protected Access." June 19. Accessed 2017-06-21.
- Wikipedia. 2020. "Wired Equivalent Privacy." Wikipedia, May 10. Accessed 2020-07-22.
- Mitchell, Bradley. 2016. "Introduction to Wi-Fi Network Security." Lifewire. September 18. Accessed 2017-06-18.
- Minella, Jennifer. 2008. "WEP Sucks, so Why are You Using It?" Security Uncorked. August 18. Accessed 2017-06-21.
- Hoffman, Chris. 2013. "Wi-FI Protected Setup (WPS) is Insecure: Here's Why You Should Disable It." How-To Geek. November 24. Accessed 2017-06-18.