If you have an internet connection at home, there’s a good chance you also have a wireless router set up to give you a wireless internet connection. Many people are happy with the default settings when they turn on their wireless routers for the first time. In some cases, if the router is provided by an ISP that gives a crap, you have a router with good encryption and a decent password. If you’re not that lucky, the default settings mean you’re sharing your internet connection and everything you do while online with anyone with a little knowledge of how Wi-Fi works.
Encryption is the key to safe wireless internet usage and while all wireless routers available today support a range of different encryption standards, many are configured with no encryption or very poor encryption by default. As an example, let’s have a look at the wireless access points that are visible from my apartment.
No less than 16 wireless access points are in range of my computer. I found them by using a tool called inSSIder, which anyone can download and use to scan for available wireless access points. It basically does the same as your operating system when it searches for wireless networks to connect, but the information collected from the networks found is displayed in a very convenient way. The main point of interest here is the Privacy column, which tells us what kind of encryption each network uses. There is one network with no encryption at all, 6 with WEP encryption, 3 with WPA encryption and 6 with WPA2-AES encryption (displayed as “RSNA-CCMP” in the table). As you can see, the WPA encryption comes in two flavors; WPA-AES (WPA-CCMP) and WPA-TKIP.
Initially, the network without encryption seems like an interesting one: It will give you free internet access by simply connecting to it. Personally, I get a little nervous when I see an open wireless network like this. It might be tempting to use it, but in some cases it’s a trap!. Someone might have set up this honeypot to lure you to connect to it just to record everything you do while connected. And by everything I mean everything: usernames, passwords and credit cards numbers – every single piece of data that is transmitted between your computer and the internet. Remember that free wireless internet you use at the coffee shop and the pizza place? It might be that you are connecting to a honeypot, not the free wireless network. And even if you are connecting to the coffee shop’s network, anyone can eavesdrop on the connection as long as the connection is unencrypted. This is the reason why I never connect to an unencrypted network and neither should you.