Turn off your WiFi when you don’t need it, and other tips on how to prevent hacking and tracking

Supersonic - July 23, 2022

Skills

A recent article by Bleeping Computer summed up many of the dangers of leaving your WiFi turned on which many people might not be aware of, and the solution of turning off your WiFi before you leave the house is so simple that I thought it inherited a post of it’s own. Check out the article for the full technical explanation but here is my quick and dirty summary:

• By default, most smartphones search for available WiFi networks all the time, and connect to them if trusted.
• About ¼ of the time, your phone searches for a WiFi signal and broadcasts the name of past networks you have connected to which are then stored in WiFi routers you pass.
• Passwords to previous connected WiFi networks (like your home or work) were also leaked during this broadcast.
• Having your phone always broadcasting WiFi probes has tracking implications. Your phone is always being tracked by other radios like your cell connection, but why add one more point of tracking?
• Many stores already use WiFi and Bluetooth probing to track their customers’ position and movement to see what items and areas they are most interested in.
• Hackers set up fake hotspots with popular network names, like Starbucks, and your phone may auto connect to it and now the hackers can watch all your internet traffic and intercept things you are doing.

What to do to minimize your attack surface from easiest to hardest.

• The thing you should get in a habit of doing is to simply turn off your WiFi when you are leaving your home. Not only will it save battery by not constantly sending out probes for networks, but it will reduce your attack surface quite a bit.
• Turn off your phone, put it in airplane mode, or put it in a faraday bag when you don’t need it.
• An easy thing you can do is to remove previously connected to networks that you no longer use like that AirBnB you stayed at last winter.
• Disable your device’s ability to auto-join a network. That way it won’t connect to some hacker’s fake WiFi broadcast under the same name as one you have previously joined.
• Update your device’s operating system. Newer versions have better security and can offer settings which help minimize some tracking.
• Turn on MAC address randomization. This is your device’s address on a network so your router knows to send that data you just requested to you and not your kids on their device. If your MAC address is the same on every network you connect to, it is easier to track you than if you have your device randomize that address for each different network you connect to.
• If you do need to use WiFi somewhere that is not your home and can’t be 100% trusted, only connect using a VPN. So even if you connect to a rouge hotspot or it is being monitored, your internet traffic is encrypted.

I am glad that I read through this article and then did a self assessment. I usually turn off WiFi when I leave the house, have MAC addresses randomized, and use a VPN. But when I looked at my phone I have collected 9 saved networks that are all set to auto-connect when in range. So these are constantly being sent out and probed for. I was able to delete five of them and turn the remaining four to not auto-connect. It will just involve one more step of clicking on the network name when I get in range and want to connect to it, but hopefully it will cut down on the amount of information I am sending out and not allow my device to automatically connect to networks I pass. I wrote down the deleted network names and passwords in my password manager so I can easily access those if I ever need them without having to ask again for the password.

12  

Some great examples of the kinds of “basic configuration” fixes for digital security that I’m looking for— thank you!

 

Excellent tips, thanks! All that tracking gives me the creeps, but sometimes it’s overwhelming to figure out how to limit it. Your bullet points are great!

 

I had an awakening for this need over the weekend.  I was in a Home Depot and noticed my WiFi was connected.  Huh?  I apparently had auto-connect to wifi set as a default.  That got changed right that second! Then WiFi turned off.  For me and my husband who was with me.  I’m better now about watching when/if the cell has WiFI turned on.  Thanks, Supersonic!

 

You’re welcome! I am glad that you caught that and were able to turn it off.

 

– “The thing you should get in a habit of doing is to simply turn off your WiFi when you are leaving your home.”

Do you mean, ‘turn off my modem-router WiFi’ or turn off my phone’s function to search for WiFi networks when I leave the house?

 

The latter.

 

What Scott said, turn off your phone’s function to search for WiFi networks when you leave the house. 

Some people turn off their home’s WiFi router at night, when away, or simply when they don’t need it to prevent possible hackers trying to infiltrate your home network, but that’s overkill for most. Do make sure you have a good password on your home WiFi though

 

My husband did that – turned off our home wifi – for our last weekend trip and then realized that the outdoor cameras needed it to transmit videos and alerts to our phones. Oops!  

 

Great collection of tips.

What do you think about editing the title to say “Turn off your *phone* WiFi when you don’t need it”? I would find that more clear. My initial impression was also that you were going to talk about home routers.

 

Yes, the initial title was open to misinterpretation but the text makes perfect sense to me. A few simple tweaks in your smartphone settings can make a real difference in most situations but if you really don’t want to be traced it may be better to turn it off and take the battery out while you’re not using it.

Turning off your home router may result in slower internet speeds as the internet providers systems may interpret it as you trying to reset or the disconnection being the fault of an unstable connection. Their response would be to slow the passage of data to help stabilise the connection. 

 

Great advice and very simple to do by accessing your own cellphones settings. Another bit of good practice is also to periodically check what apps have access to your GPS and make use of your location. If they aren’t something that you trust, want or need, some of them can be disabled.

 

Excellent advice as well! Go though all your app permissions and disable anything that is not needed. Luckily later versions of phone operating systems give even more control over the permissions granted to each application.