Turn off your WiFi when you don’t need it, and other tips on how to prevent hacking and tracking
A recent article by Bleeping Computer summed up many of the dangers of leaving your WiFi turned on which many people might not be aware of, and the solution of turning off your WiFi before you leave the house is so simple that I thought it inherited a post of it’s own. Check out the article for the full technical explanation but here is my quick and dirty summary:
- By default, most smartphones search for available WiFi networks all the time, and connect to them if trusted.
- About ¼ of the time, your phone searches for a WiFi signal and broadcasts the name of past networks you have connected to which are then stored in WiFi routers you pass.
- Passwords to previous connected WiFi networks (like your home or work) were also leaked during this broadcast.
- Having your phone always broadcasting WiFi probes has tracking implications. Your phone is always being tracked by other radios like your cell connection, but why add one more point of tracking?
- Many stores already use WiFi and Bluetooth probing to track their customers’ position and movement to see what items and areas they are most interested in.
- Hackers set up fake hotspots with popular network names, like Starbucks, and your phone may auto connect to it and now the hackers can watch all your internet traffic and intercept things you are doing.
What to do to minimize your attack surface from easiest to hardest.
- The thing you should get in a habit of doing is to simply turn off your WiFi when you are leaving your home. Not only will it save battery by not constantly sending out probes for networks, but it will reduce your attack surface quite a bit.
- Turn off your phone, put it in airplane mode, or put it in a faraday bag when you don’t need it.
- An easy thing you can do is to remove previously connected to networks that you no longer use like that AirBnB you stayed at last winter.
- Disable your device’s ability to auto-join a network. That way it won’t connect to some hacker’s fake WiFi broadcast under the same name as one you have previously joined.
- Update your device’s operating system. Newer versions have better security and can offer settings which help minimize some tracking.
- Turn on MAC address randomization. This is your device’s address on a network so your router knows to send that data you just requested to you and not your kids on their device. If your MAC address is the same on every network you connect to, it is easier to track you than if you have your device randomize that address for each different network you connect to.
- If you do need to use WiFi somewhere that is not your home and can’t be 100% trusted, only connect using a VPN. So even if you connect to a rouge hotspot or it is being monitored, your internet traffic is encrypted.
I am glad that I read through this article and then did a self assessment. I usually turn off WiFi when I leave the house, have MAC addresses randomized, and use a VPN. But when I looked at my phone I have collected 9 saved networks that are all set to auto-connect when in range. So these are constantly being sent out and probed for. I was able to delete five of them and turn the remaining four to not auto-connect. It will just involve one more step of clicking on the network name when I get in range and want to connect to it, but hopefully it will cut down on the amount of information I am sending out and not allow my device to automatically connect to networks I pass. I wrote down the deleted network names and passwords in my password manager so I can easily access those if I ever need them without having to ask again for the password.