How to protect your home Wi-Fi network from hacker attacks?

How Wi-Fi works

Wi-Fi is a technology that allows you to connect to the internet and exchange data without wires, using radio waves. Here's how it works:

1. In most cases, the Internet enters your home via a cable connected to a special device — an optical network terminal (ONT) in the case of optical fiber or a router or laptop/PC in the case of twisted pair.
2. The special device connects to a Wi-Fi router, a device that takes the Internet signal from the special device and turns it into a radio signal.
3. Wi-Fi router transmits data through radio waves, which allows you to transmit the Internet signal over a distance within your house or flat.
4. Your devices (laptops, tablets, smartphones) have built-in Wi-Fi receivers that "catch" these radio waves. When you connect to Wi-Fi, your device "communicates" with the router through these waves.
5. When you request information from the Internet (like opening a website), your device sends the request via Wi-Fi to the router, and the router relays the request to the Internet. Then the response (website, video, etc.) goes back the same way.

The most common types of Wi-Fi attacks and how to defend against them

Now, let's understand exactly how attackers can harm your Wi-Fi network and how you can keep it private and protected.

1. Password cracking

This is a proven and effective method that hackers use to gain access to a Wi-Fi network. Insecure passwords become easy prey for hackers who can find them in databases of broken accounts, as many users reuse their favorite passwords or leave them at their factory settings. Or, fraudsters can intercept your data, which may include logins and passwords, in what's known as a "man-in-the-middle" attack. As a result, your web traffic, which by default is sent to the Wi-Fi router, will be sent first to the hacker and then from the hacker to the router without the device noticing the change.

The danger of password cracking can cause:

• Using an outdated encryption standard — WEP. If your router uses the outdated WEP encryption standard instead of the advanced WPA2, hackers with special tools can crack even a complex password in a few minutes.
• Attack on WPA2. The WPA2 security protocol, although more complex, can also be hacked. To do this, attackers use a forced de-authentication technique: they disconnect routers from the network for a few seconds so that they reconnect. In the process, packets are exchanged (handshake). When an attacker receives such a packet, he can test millions of passwords with special software and quickly crack a weak password.

Solution:

• Use the WPA2 or WPA3 standard. Since WEP is a less secure standard, it is best avoided. To access your router's settings:
1. Go to the Wi-Fi security page and select the “Wireless Settings” section.
2. Select WPA2 or WPA3 as the security method and click "Save Apply".
• Create strong passwords. A strong password should be long and complex, containing capital and small letters, numbers, and special characters.
• Avoid personal information in passwords. Avoid data that is obvious or easily found on social networks: dates of birth, phone numbers, names of pets, etc.
• Update passwords regularly. This will make life more difficult for scammers, even if they have access to a previous password.
• Enable MAC address filtering. The router uses a technology called "MAC address filtering" to protect against unauthorised access to the network. To enable it:
1. Select MAC address filtering in the “Wireless Security Settings” section of your router's settings.
2. Back up your changes.
• Create a guest network. This will isolate your main devices from those who connect to the network temporarily. On modern Wi-Fi routers, the “Guest Network” option has its own SSID and password. Once it is activated, you won't need to provide your primary password, and guests will be able to use their devices for Internet connectivity.

2. Hacking via WPS PIN

WPS (Wi-Fi Protected Setup) attacks are known for their effectiveness. They work as follows:

• Reaver and PIN attack. Reaver uses a PIN brute-force method that can compromise WPS-vulnerable routers in minutes. Even the strongest Wi-Fi password will not protect against a WPS PIN attack.
• WPS Pixie-Dust method. This is a more advanced method of attacking secure Wi-Fi networks that use the WPA/WPA2 standard with the WPS algorithm. With its help, an attacker can quickly find out the WPS PIN code, get the password from the Wi-Fi network, and hack it in seconds.

The fraudster's access to the WPS code allows him to connect to your network regardless of changing the Wi-Fi password. In many routers, the WPS PIN cannot be changed, leaving the network vulnerable while WPS is active.

Solution:

• Turn off WPS and check it with tests.
1. Go into your router settings (via the web interface, usually at 192.168.1.1 or 192.168.0.1).
2. Go to the "WPS Setup" or "WPS Access" section.
3. Switch off WPS.
4. Reboot the router and check if the settings have been saved. On most models, this can be checked by the WPS indicator light (when it is off, the light will not be on).

3. Hacking via remote access

On the one hand, setting up remote access provides convenience to users. On the other hand, it is a threat from fraudsters if proper security measures are not taken, and here's why:

• Search engine indexing. Scanner services like Shodan scan the Internet for devices with open ports (IP cameras, routers, smart sensors, etc.). If remote access to your router is enabled, the password can easily get into the Shodan database and hackers will start testing it for availability. Attackers can also exploit weaknesses in the router's firmware to gain access to its settings.
• Danger from those who have temporary access to the local area network (LAN) or Wi-Fi. Such a user can log into the router's admin panel, enable remote management, create their own credentials, and return to your network afterward, even after changing the Wi-Fi password.

Solution:

• Switch off remote access.
1. Go to the router's admin panel (usually 192.168.1.1 or 192.168.0.1).
2. Find the "Remote Management" or "Remote Access" section.
3. Switch off this function if it is active.
• Check port forwarding.
1. In the router settings, look for the "Port Forwarding" tab (usually under "Advanced").
2. On the port forwarding page, there should be no port forwardings that you are not aware of, as these may be settings to a security camera or server. If you see unknown redirects, delete them.
3. Reboot the router.
• Hide your network from others.
  Knowing the network name or SSID (Service Set Identifier), which you can see when searching for Wi-Fi, allows you to connect to a particular network. By default, routers and access points show your network name to anyone who wants to see it. But you can hide it as follows:
1. Open the "Wireless Settings" section of your router.
2. Select "Basic Wireless Settings" from the menu.
3. Select the “Disable SSID" option.
4. Save the settings.
• Change the default login/password for the router.
1. Open any browser on a gadget that is connected to the network, and in the search box enter the address to enter the router settings. This is usually a combination of numbers: 192.168.0.1 or 192.168.1.1. The router must be switched on and connected to the device.
2. To get to the main menu, enter the login and password. The default login details can usually be found on the bottom of the router (usually admin/admin).
3. If you have previously changed the basic login and password and have forgotten them, you can reset the settings using the special button on the router. After that, set it up again using the standard login details.
4. Enter the main menu and find the "Wi-Fi network" or "Wireless" section in the settings. Now enter the new password for the connection in the corresponding field and save the change.
5. After that, reconnect your wireless devices to the router with the new password.

4. Vulnerability in the router firmware.

The operating system your router runs on may contain bugs and vulnerabilities (especially if it is outdated). Through them, hackers from anywhere in the world can infiltrate your network and steal personal information.

Solution:

• Check regularly for firmware updates for your router.
  Most models update automatically, but some models require you to update the firmware manually. To do this:
1. Back up your router's current settings (if your device allows it) to restore them after the update.
2. Determine the model and firmware version of your router using the label on the device itself or through the admin interface.
3. Go to your router's manufacturer's website and find the support or downloads section there.
4. Enter your router model to find the latest firmware update.
5. Download the file with the new firmware version to your computer and install it from the router's admin panel.
• Use a router with a firewall and VPN.
  If your router has these features, they are activated by default. While your device is connected to the Internet, the firewall acts as a screen, blocks all ports except those you open, and thus protects your device from hackers. Activating a VPN allows you to create an encrypted tunnel that protects not only the router but also all devices connected to the network. You can also use other software for protection, such as antivirus programs.

So, it is not difficult to improve Wi-Fi security. Just follow these simple tips, and your personal information will be reliably protected from theft.