Tip o’ the Week #221 – Stay safe on WiFi

clip_image002

Following last week’s misty-eyed retrospective on WiFi and Bluetooth, it’s worth pausing a little to pass on a few safety tips too. If you’ve a WiFi network at home which does not have encryption enabled (using a decently strong password – known as a Pre-Shared-Key or PSK – and a modern encryption method, such as WPA2) then you must hang your head in shame immediately, that is, immediately after you go and put a strong password on your WiFi.

What should you call your home WiFi network? Well, if it’s “NETGEAR” or similar, then make sure you call it something else (in case a well-known exploit is found in every NETGEAR router, in which case you’ve just told every kerbside hacker how to break into your network). Also, it’s worth making sure you change the admin password for your router – it’s a piece of cake to find out the default password for well-known routers, such as NETGEAR ones.

How to name your SSID might depend on where you live, if you have any neighbours, if you trust them and so on.

clip_image004Serial ToW contributor Paul “Woody” Woodman has the mischievous idea of setting his SSID to be something eye-opening – in fact, the WiFi network set up by his phone’s Internet Sharing (as covered in last week’s ToW) has an interesting name…

So, Woody’s on the train, using his phone to connect to the internet, and all the other WiFi users in the same carriage are on their best behaviour…

The Huffington Post wrote about this phenomenon a few years back.

To get a more reliable connection, it’s worth setting your WiFi channel to be something that interleaves well with your neighbours, so you’re not both trying to blast out on Channel 6 – as a guide, check here. Try using a bit of software called inSSIDer to sniff your neighbourhood, see what their networks are called and what channel they’re on, then set yours to something complementary, if you can.

Stay Safe Online

Yvonne Puley made a suggestion about checking what WiFi networks you connect to, after reading a report on the BBC website and seeing an article on the BBC’s Click programme. The gist of the piece is that public WiFi networks – a hotspot set up by your local coffee shop, or even well-known WiFi networks provided by telco’s and the like – are not necessarily all they seem. A simple scam could be for a ne’er-do-well to set up a spoof WiFi network on their own laptop, and the unsuspecting browsers could connect to it and all their online movements could be recorded and tracked. Other hackers could stage a “man in the middle” attack using software that intercepts traffic on legitimate networks and can even decrypt supposedly secured SSL traffic.

In short, there’s no way for you to guarantee that what you do on any public WiFi network is safe from prying eyes. Europol (not to be confused with Interplod, as Arthur Daley might have ventured) says, basically, don’t use public WiFi networks for anything private, like online banking. If you want to scare yourself silly, then watch this Click clip.

clip_image006Anything that goes over VPN or DirectAccess should be OK, as the encryption mechanisms used are less susceptible to having a breaker on the side. Even when connected back to base using a more secure connection, though, ordinary web surfing and background updating of apps will typically go out via the public WiFi network. It’s worth also making sure you don’t give too much away – like when you first connect to the network, unless you control it, then you don’t want to “find PCs, devices and content” etc.

For more info on this setting, see here. Looking in the PC’s settings at the connection properties (as described in that article) also lets you see what kind of encryption you have running on the network. If you’re connecting to a WEP network (the traditional method for putting a password on a wireless connection), then think twice about trusting it – Wired Equivalent Privacy is anything but, and can be relatively easily cracked.

Leave a Reply

Your email address will not be published. Required fields are marked *