Wi-Fi piggybacking widespread, anti-virus firm warns

While setting up a Wi-Fi network for the PLDT myDSL connection at home earlier this week, I got a timely warning from a press release. Anti-virus company Sophos said many people now use someone else’s wireless Internet connection without their permission.

Sophos said 54 percent of 560 respondents who took their online survey admitted to using other people’s Wi-Fi connection without their permission. The survey is not scientific and I don’t see how you can see a “widespread” trend from it. But it does provide a timely warning to home users who have gone wireless.

Sophos said “many Internet-enabled homes fail to properly secure their wireless connection with passwords and encryption, allowing freeloading passers-by and neighbors to steal Internet access rather than paying an internet service provider (ISP) for their own.”

I don’t know how common Wi-Fi piggybacking is in Cebu or in the Philippines, save for anecdotal feedback from geeks I know. I’ve heard of maybe three persons who said they were able to use an unsecured wireless network.

Still, the absence of reports should not be a reason to be complacent and just leave your home Wi-Fi network unsecured. This absence of reports may be because none have been caught.

And with more mobile devices like phones having the capability to use Wi-Fi, the risk will only get higher.

Sophos gave 6 tips for securing your Wi-Fi network.

1. Use encryption
Sophos suggests using WPA or WPA2 as a better and stronger encryption system than WEP. Linksys WRT54G, the Wi-Fi router I use, provides an easy point-and-click web interface into setting up these encryption systems. But I had difficulty connecting my Ubuntu Linux laptop using wicd to the router when using WPA2. I’m sure I made a mistake in the setting somewhere and I’ve put off using encryption for later this week.

2. Use a strong password
The first thing you do when you set up your router is to change its default password. The Linksys setup CD prompts you to enter a new password to replace the default one, which is “admin.” The password gives anyone access to the router’s settings.

3. Use MAC address filtering
This is something that I’m set on implementing. Wi-Fi routers and access points can prevent unlisted devices from connecting to the network. It does this by allowing only certain devices, identified through their MAC addresses, to connect to the network.

The Linksys web admin interface allows you to easily enter a list of allowed MAC addresses if you want to enable filtering. To get the MAC addresses of your Windows computers, click the Start icon, then Run, then type cmd in the box. Type ipconfig/all. Go through the details listed an copy the 12-digit Physical Address. Just copy the addresses of both the wired and wireless network adapters in case you’d need to connect to the router using a network cable.

In Linux, just open a terminal and type ifconfig, the MAC address is the 12-digit number beside HWaddr. The wireless card in my case is eth0 but I also copied eth1, my network adapter, in case I needed to connect to the router via a cable.

This isn’t fool-proof, though, as hackers can clone MAC addresses. But then again, how many people in your neighborhood can clone MAC addresses? I know all the people within range of my Wi-Fi network and the only MAC they know is either a sleek computer or else one that comes with juicy beef patty.

Filtering MAC addresses also provides an added hassle of entering new ones whenever you have visitors who may need to use the connection. I’ll probably just turn off filtering for the duration of the visit and tell him or her, “for you, I’m leaving my home network wide open.”

4. Don’t broadcast the name of your wireless network or SSID
Sophos recommends that you turn off broadcasting of the service set identifier (SSID) or your wireless network’s name. It’s a private network, after all, and there’s no need to broadcast this information. It’s not as if your home’s a cafe that has clients who need to discover your network to connect to it.

Sophos also recommends that you choose a hard-to-guess SSID not generic ones like home, internet, or [your family name] home.

5. Restrict Internet access to certain hours
This is something I’m never implementing. I’m online most of the time. But this is something you can easily do with the Linksys web admin. Sophos recommends this for people with set online schedules at home. The company recommends that you disable Internet access in hours when you don’t need it. Hey, why not just turn your router off?

6. Make sure your computers are properly secured
Sophos also recommends that the computers connecting to your network be secured with updated anti-virus software and security patches. I use Ubuntu Linux. Period.

But my wife uses Windows so I have to check her laptop once in a while.

Support this blog and independent reporting on Cebu

3 responses

  1. Hi Max,

    I don’t know if you were able to read it, but some months back, I remember reading that somebody in UK was jailed for ‘stealing’ wifi from his neighbor.

  2. Hi Sir,
    I seem to recall reading that piece of news too. I wonder how common Wi-Fi piggybacking is here in Cebu, though.

  3. Hi.

    The connection I’m using now to browse your site is actually a stolen Internet access.

    It is from my aunt’s WRT54G router. She doesn’t know that we’re (we at home) using their connection at home for our laptop and desktop. They used encryption, a strong password and unbroadcasted SSID. The downside is, I was the one she asked to configure her router (at the address with default username of admin and a blank password)!

    Aside from my aunt’s Linksys router, we also have a stolen backup connection. Now, it’s my other aunt’s DLink router. Again, their networked followed security measures but I was the one she asked to configure it.


Leave a Reply

Your email address will not be published. Required fields are marked *