In the previous post, I gave a top view of how Wi-Fi sends your stuff through the air and how devices makes sense of it.
In this final part of my three part series on Wi-Fi, you’ll learn all about Wi-Fi hotspots and Wi-Fi security.
Let’s do this!
Wi-Fi hotspots are great; especially mobile hotspots.
Assuming you have the data plan to support your avaricious appetite for data, you can turn your smartphone into a personal access point and then connect your laptop and other devices to the internet through that smartphone.
You can even transform your Windows 8.1 PC into a Wi-Fi hotspot or connect to a public hotspot in a local cafe, airport or hotel lobby (just make sure you use some common sense when connecting to a public hotspot)
Finding your hotspot
There are Wi-Fi hotspots in almost every major city you can image. And although some cost a fee, most are free. In fact, entire websites have been devoted to helping you find free Wi-Fi hotspots. wififreespots.com is a good example but there are others.
Incidentally, if you visit wififreespot.com, ignore the bland design. The site looks like it was crafted in the Netscape Navigator era but don’t be fooled – the content here is golden.
openwifispots.com is another good site to check for free Wi-Fi hotspots. There are almost 70,000 hotspots in the database but the directory doesn’t include international locations.
Staying safe online
Before you start connecting to public hotspots it’s imperative that you protect yourself when browsing the internet.
My suggestion is to use a free VPN service such as proXPN or HotSpot Shield. Incidentally, HotSpot Shield works well; however, you need to be cognizant of the crapware in the HotSpot shield installer. As long as you opt-out of the unwanted mess you should be okay.
But I still avoid Hotspot shield. Despite the security benefit, I don’t have a penchant for bloated software.
Conversely, with proXPN, you create a free account by entering your phone number, email address and password. Then you click the confirmation email and download the client from the web portal.
Installation is a breeze and setup couldn’t be easier; however, the software does have it’s drawbacks.
Here are the top 3 I noticed:
- The free account is about as fast as dial-up
- It takes a few seconds longer to establish the connection with the free version (about 5 to 10 seconds longer)
- proXPN keeps pushing the premium (paid) version of the app via popups and other creative avenues. For example, customer support from proXPN actually called me 30 minutes after I signed up and tried to entice me to go premium with an exclusive 20% discount code and 7 day trial. Get ready for the shenanigans.
My advice is to only use ProXPN when you need it. Don’t use it to hide your location when you’re streaming HD video content. And please, don’t use it to do illicit things online.
ProXPN is ideal for last minute emergencies such as when you need to pay an online bill before a late fee, buy a product before the sale ends or login to LinkedIn before your colleague blocks you.
Just fire up ProXPN right before you need transmit sensitive data through the internet. Do your thing online and disconnect. Get in and get out and you’ll be fine.
The good news is that the free connection is protected with 512-Bit encryption and your public IP address is completely cloaked. This makes it extremely hard (although not impossible) to identify your geographic location from your IP alone.
A malicious hacker can still setup a protocol analyzer to sniff your traffic; however, he’ll see a mass of random characters in the output.
On a side note, I said “although not impossible” because someone with enough time and motivation can indeed crack a 512bit encryption key; however, it’s a laborious task. The perpetrator would need access to several super computers with industrial grade processors. And he would need several months of continuous free time (half a year or more) before he successfully factored the key into something usable. By the time this determined hacker finished his nefarious deed, you would be done with your web session and his efforts would be rendered useless.
One more thing: if you connect to ProXPN and notice your IP address isn’t actually hidden open a new private tab (Ctrl + Shift + n Chrome and Ctrl + Shift + p in Internet Explorer and Firefox) and reconnect to the client. I had this issue but resolved it by doing this disconnect/reconnect dance.
You can verify your IP address is actually being masked by typing “ip address” into Google and confirming it matches the IP address shown in the proXPN client. In my case, 220.127.116.11 is my fake IP address.
Getting to know Wi-Fi security
Here’s the bottom line:
Currently, as I write this article in March of 2015, the most bulletproof Wi-Fi encryption standard is WPA2-PSK (AES) also called WPA2 Personal.If you have the option to use anything else you’ll probably slow down your Wi-Fi connection, make it less secure or both.
Think about it. Let’s say you’re using something like WPA2-PSK (TKIP/AES) or WPA2-PSK “Mixed Mode” (which is basically the same thing) this means your Wi-Fi device has two options:
One: Connect with the robust military grade AES encryption scheme or Two, use the antiquated Temporal Key Integrity Protocol (TKIP) which connects legacy devices using the same busted algorithm that once belonged to WEP (Wired Equivalent Privacy). There’s nothing secure about WEP. It’s been cracked numerous times and is chronically lampooned in the tech community.
Furthermore, since legacy devices can only run at the fastest supported standard, sometimes you can get slapped with a serious blow to performance. For example, if you connected your busted Windows XP laptop to your 802.11n WPA2-PSK(TKIP/AES) network, which has a maximum theoretical throughput of 300Mbps, it’ll top out at 54Mbps to ensure backwards compatibility. That’s right, one crappy computer will slow down your entire network. It’s not worth it.
In summary, because of the inherent insecurities and performance degradations of the TKIP/AES standard you should never use Mixed Mode.
Just say yes to AES.
Stupid Wi-Fi Myths
Before I close up this series I want to dispel the top two myths I hear these days about Wi-Fi security.
Hide your SSID
Some people say a quick path to boosting Wi-Fi security is to stop broadcasting your network ID (technically called the Service Set Identifier, SSID). This is the network name you see when you browse the list of Wi-Fi networks in your vicinity.
Hiding the SSID means telling your home Wi-Fi router to stop advertising the network name.
The specious logic goes like this: how can the bad guys hack you if they can’t see you?
Yes, it’s true the network name won’t show up on other Windows PCs but anyone who knows how to use Google can very easily download something like Kismet which will still identify your network in seconds.
And do you know what the worst part is?
Since Kismet reveals that your WiFi SSID isn’t being broadcast, the hackers appetite will only become more voracious as he now focuses his intent on destroying your network.
Look at this n00b trying to avoid being hacked. Ha! Let’s eat him for breakfast.
Yuu don’t want your Wi-Fi network to be a hacker’s breakfast.
Security through obscurity doesn’t work. It’s the same reason why you shouldn’t try stupid things like dropping the transmission power of your Wi-Fi router.
Yes, this will shrink the coverage area and may make detection a little more onerous but if someone wants in, your lower powered network antenna isn’t going to stop them! All the bad guys need are a bigger antenna.
And again – the worst part is your little network is going to stand out because it’ll be one of the only ones in the area with a curiously small transmission radius. It looks like you’re trying to avoid detection with sophomoric strategies so the bad guys will eat you for lunch.
Don’t be lunch for the bad guys.
Filter by MAC Address
The MAC address is a unique identifier for your device.
If you just said, “Wait I thought that’s what an IP address was for” read my article about MAC addresses and you’ll understand why you need both IP addresses and MAC addresses to get on the internet.
Some people erroneously believe that you can protect your Wi-Fi network by locking down access to specific MAC addresses. You basically find the MAC addresses of the devices who need access and then tell your router to only allow those devices to connect.
If Joe Blow comes along with an unapproved MAC address, he can’t connect – even if he knows the right password.
It sounds like a good idea until you realize that an attack with a protocol analyzer like WireShark can easily sniff your network and see the approved MAC addresses authenticating to your Wi-Fi router. For this reason, MAC filtering is a waste of time because it’s so easy to circumvent.
The best method to protect yourself online is to use require WPA2-PSK (AES) encryption.
Nothing else is safer unless you unplug your computer and lock it in a vault.
The Bottom Line
Seriously. It’s called CloudCracker and it’s real.
The question should never be “Can someone hack my Wi-Fi network?”. It’s now “How long will it take someone to hack my Wi-Fi network”.
Wi-Fi security is a function of time. And given enough time, funding and motivation – nothing is completely secure.
I hope you enjoyed this three part series.
Here’s what you learned:
In the first part, you learned about the basics of the electromagnetic spectrum, radio waves and frequencies. You also learned about the properties of Wi-Fi networks and the major IEEE standards that are currently in place.
Then, in the second part, we delved into data representation and learned how Wi-Fi networks modulate data (binary patterns) on the air.
Finally, in this third part of our series, I showed you how to find free public Wi-Fi hotspots and explained how to stay secure online. I also debunked the top two myths about Wi-Fi security that is prevalent on the internet
I hope you liked this guide. If so please consider joining my email list. Just scroll up and look in the right rail for my face. You’ll see a picture of me and an offer to download my free 40 page eBook on getting the most out of Google Chrome. It’s called the Intelligent Guide to using Google Chrome.
It’s my gift to you for joining.
Thanks again and I hope to see you on my list! I’ve been sending exclusive contents to my members (about once a week) that I don’t publish on my website so you want to be part of that. Don’t miss out.
Thanks again for reading. If you have suggestions for another series like this one, let me know in the comments!