While most of us will most likely never have to worry about someone hacking our Wi-Fi network, just how hard would it be for an enthusiast to hack a person’s Wi-Fi network? Today’s SuperUser Q&A post has answers to one reader’s questions about Wi-Fi network security.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
Photo courtesy of Brian Klug (Flickr).
SuperUser reader Sec wants to know if it is really possible for most enthusiasts to hack Wi-Fi networks:
I heard from a trusted computer security expert that most enthusiasts (even if they are not professionals) using only guides from the Internet and specialized software (i.e. Kali Linux with the included tools), can break through your home router security.
People claim that it is possible even if you have:
- A strong network password
- A strong router password
- A hidden network
- MAC filtering
I want to know if this is a myth or not. If the router has a strong password and MAC filtering, how can that be bypassed (I doubt they use brute-force)? Or if it is a hidden network, how can they detect it, and if it is possible, what can you do to make your home network really secure?
As a junior computer science student, I feel bad because sometimes hobbyists argue with me on such subjects and I do not have strong arguments or can not explain it technically.
Is it really possible, and if so, what are the ‘weak’ points in a Wi-Fi network that an enthusiast would focus on?
SuperUser contributors davidgo and reirab have the answer for us. First up, davidgo:
Without arguing the semantics, yes, the statement is true.
There are multiple standards for Wi-Fi encryption including WEP, WPA, and WPA2. WEP is compromised, so if you are using it, even with a strong password, it can be trivially broken. I believe that WPA and WPA2 are a lot harder to crack though (but you may have security issues relating to WPS which bypass this). Also, even reasonably hard passwords can be brute-forced. Moxy Marlispike, a well known hacker offers a service to do this for about US $30 using cloud computing – although it is not guaranteed.
A strong router password will do nothing to prevent someone on the Wi-Fi side from transmitting data through the router, so that is irrelevant.
A hidden network is a myth. While there are boxes to make a network not appear in a list of sites, the clients beacon the WIFI router, thus its presence is trivially detected.
MAC filtering is a joke as many (most/all?) Wi-Fi devices can be programmed/reprogrammed to clone an existing MAC address and bypass MAC filtering.
Network security is a big subject, and not something amenable to a SuperUser question. But the basics are that security is built up in layers so that even if some are compromised, not all are. Also, any system can be penetrated given enough time, resources, and knowledge; so security is actually not so much a question of “can it be hacked”, but “how long will it take” to hack. WPA and a secure password protect against “Joe Average”.
If you want to enhance the protection of your Wi-Fi network, you can view it as a transport layer only, then encrypt and filter everything going across that layer. This is overkill for the vast majority of people, but one way you could do this would be to set the router to only allow access to a given VPN server under your control, and require each client to authenticate across the Wi-Fi connection across the VPN. Thus, even if the Wi-Fi is compromised, there are other (harder) layers to defeat. A subset of this behaviour is not uncommon in large corporate environments.
A simpler alternative to better securing a home network is to ditch Wi-Fi altogether and require only cabled solutions. If you have things like cell phones or tablets, this may not be practical though. In this case you can mitigate the risks (certainly not eliminate them) by reducing the signal strength of your router. You can also shield your home so that your frequency leaks less. I have not done it, but strong rumour (researched) has it that even aluminum mesh (like fly screen) across the outside of your house with good grounding can make a huge difference to the amount of signal that will escape. But of course, bye-bye cell phone coverage.
On the protection front, another alternative may be to get your router (if it is capable of doing it, most are not, but I would imagine routers running openwrt and possibly tomato/dd-wrt can) to log all packets traversing your network and keeping an eye on it. Even just monitoring for anomalies with total bytes in and out of various interfaces could give you a good degree of protection.
At the end of the day, maybe the question to ask is “What do I need to do to make it not worth a casual hacker’s time to penetrate my network?” or “What is the real cost of having my network compromised?”, and going from there. There is no quick and easy answer.
Followed by the answer from reirab:
As others have said, SSID hiding is trivial to break. In fact, your network will show up by default in the Windows 8 network list even if it is not broadcasting its SSID. The network still broadcasts its presence via beacon frames either way; it just does not include the SSID in the beacon frame if that option is ticked. The SSID is trivial to obtain from existing network traffic.
MAC filtering is not terribly helpful either. It might briefly slow down the script kiddie that downloaded a WEP crack, but it is definitely not going to stop anyone that knows what they are doing, since they can just spoof a legitimate MAC address.
As far as WEP is concerned, it is completely broken. The strength of your password does not matter much here. If you are using WEP, anyone can download software that will break into your network pretty quickly, even if you have a strong password.
WPA is significantly more secure than WEP, but is still considered to be broken. If your hardware supports WPA but not WPA2, it is better than nothing, but a determined user can probably crack it with the right tools.
WPS (Wireless Protected Setup) is the bane of network security. Disable it regardless of what network encryption technology you are using.
WPA2, in particular the version of it that uses AES, is quite secure. If you have a descent password, your friend is not going to get into your WPA2 secured network without getting the password. Now, if the NSA is trying to get into your network, that is another matter. Then you should just turn off your wireless entirely. And probably your internet connection and all of your computers too. Given enough time and resources, WPA2 (and anything else) can be hacked, but it is likely going to require a lot more time and a lot more capabilities than your average hobbyist is going to have at their disposal.
As David said, the real question is not “Can this be hacked?”, but rather, “How long will it take someone with a particular set of capabilities to hack it?”. Obviously, the answer to that question varies greatly with respect to what that particular set of capabilities is. He is also absolutely correct that security should be done in layers. Stuff you care about should not be going over your network without being encrypted first. So, if someone does break into your wireless, they should not be able to get into anything meaningful aside from maybe using your internet connection. Any communication that needs to be secure should still use a strong encryption algorithm (like AES), possibly set up via TLS or some such PKI scheme. Make sure your e-mail and any other sensitive web traffic is encrypted and that you are not running any services (like file or printer sharing) on your computers without the proper authentication system in place.
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.