Is your home (or office) internet protected? Your password is it really strong? Are you sure? If you follow the TecMasters, you’ve certainly seen some important tips here on how to keep your online security. But an Indian engineer has found an unusual way to alert users around the world about the security of their home Wi-Fi networks.
To show the risk that most people are subject to, Ansari – as the engineer identifies himself on YouTube – decided to invade his neighbor’s Wi-Fi network and thus show how easy it is to hack someone’s internet. According to him, if password isn’t really strong, pretty much anyone can hack into other people’s Wi-Fi.
How does WiFi work?
In a nutshell – and without going into too many technical details – Wi-Fi connects two points: the internet access router and devices such as cell phones, notebooks, etc. To ensure connection security, this communication between devices and the access point is encrypted – that is, each time something connects to the router, passwords are shared in the form of codes.
For example: if the user password is “1234”, the device connecting to the router will encrypt this information as something like this: “8B53D81E2E43080D5F62896068D6D325”. Then the access point will decrypt this code and verify that the combination is correct. This establishes a (supposedly) secure connection.
The problem, explains the Indian in a video posted on YouTube, is that the device sends the password every time it connects to the access point. Therein lies the danger.
When interrupting the connection between the two points (router and cell phone, for example), it is possible to use software and capture the hashfile, that is, the encrypted file of the user’s password.
Then, to decrypt the file, the engineer explains that there are a number of methods that can be used. The most basic is to use “brute force”, which means trying all possible combinations until the file is decrypted.
But there are easier (and quicker) ways to do this too. “We could use the dictionary where we have a list of common passwords in a text file and try to crack the hash file by trying each password,” says the youtuber.
In 2009, the credentials list of a company called RockYou was breached and leaked onto the internet; millions of user data was exposed. The file, easily found on the internet, contains more than millions of common passwords – which is a starting point for deciphering other combinations.
Of course, the trial and error process depends on the attacker’s computing power.
Don’t you want to be the next victim? To protect yourself and prevent anyone from trying to intercept your Wi-Fi network, the main tip is to use a strong and unique combination for each service. The table below shows the time taken to decrypt certain passwords depending on the length and amount of special characters.
|8 characters||10 characters||12 characters|
|lowercase letters only||instantly||instantly||a few weeks|
|+ 1 capital letter||30 minutes||1 month||5 years|
|+ 1 number||1 hour||6 years||2,000 years|
|+ 1 special character||1 day||50 years||63,000 years|