Most of us don’t think about hackers spying on our home internet activity and searching through our home computer files. In fact, most of us believe that our home lives are not interesting enough for hackers to waste their time trying to crack into our systems.
But what if it does not take much time at all? What if you knew that your home wireless network could be easily compromised? What if you new that it was so easy to hack your home network that the teenager next door can do it in 5 minutes or less using software that can easily be bought online?
The neighborhood teenagers can probably hack you in minutes
Why is it so easy to gain access to home networks? There is one primary reason for this: Home routers tend to be very insecure.
Router firmware is often insecure
Even if the router firmware is considered secure at the time that your router is purchased, chances are that there are many vulnerabilities that were discovered between the time that you bought your home router and now. These vulnerabilities are well known and the router manufacturer likely already created patches for your router. But when is the last time you updated the firmware on your router?
In most cases, the firmware patches will not be implemented automatically. It sounds like it would be a good idea for router manufacturers to automatically push out security updates to all the routers that are in the wild. While it sounds logical, things do not work like this. Patch management is something that is generally not automated. There are several reasons for this, but one of the most compelling is that patches can beak things – make things not work. Therefore, security professionals like to apply patches manually. This is so that they can test and ensure that all is good. If something goes wrong then they can revert back if they have to. But for home systems, you likely don’t have a patch management crew available. So the patching does not get done.
Default admin passwords and SSID are often left in place.
You know that admin password that is printed on the side of your router? It is estimated that almost half of the routers out there use the default password. Even though the password is easy to change, many people don’t bother. This has severe security implications.
There are tools available that will allow hackers to crack your default password in short order.
If you are one of the many people who use the default password then it is time go in and change it. Just do a Google on your router manufacture to learn how to make this easy change. It will only take a few minutes and your network will be infinitely more secure after you do it.
While you are in the router you should also change the default SSID. The SSID is the name of your network and is broadcasted to anyone within range or your network. It is a good idea to change this so that “war drivers” can’t immediately know potentially private details about your ISP and network.
There are many things that can be done to better secure your home network. Updating your firmware and keeping all of your software (like Windows) up to date will make a big difference. Changing from the default admin password will also increase your security. Just these two things will increase your home network security exponentially.
Of course, there are many more actions that can and should be taken to increase the security of your home wireless network. These include:
- Always use a Firewall.
- Consider using a VPN service. These services are now very inexpensive and are invaluable for security minded people.
- Get rid of your old router and replace with a new secure model.
- Going out of town for a while? Turn off your wireless network while you are gone
- Use strong and unique passwords for your router
- Activate network encryption
- Change the default IP address on your route
If you don’t want your personal information to be compromised then do these things. If you don’t want other people to know your private business then do these things. If you think that your life is too boring to be a target of a hacker, then think again. Hackers don’t discriminate – they will get your information and exploit it if they can.
Fred Templeton is a practicing Information Systems Auditor in the Washington DC area. Fred works as a government contractor and uses his skills in cyber security to make our country’s information systems safer from cyber threats. Fred holds a master’s degree in cybersecurity and is currently working on his PHD in Information Systems.