After updating to iOS10, the iPhone now comes with a message saying that WPA isn't secure, switch to WPA2 AES. Is it as simple as just ticking this box and applying on this router set up? Or will something start to not work properly on the MBP and iPhone afterwards?
Is that the right one by the way and does it really make any difference? Thank you


[Image: 15cblnq.png]
 

Yes it really makes a difference. And yes, you really should be using WPA2. Everything should work just fine although some computers may need to re-authenticate to the router.

The real thing you should be worried about is how fast someone can break into your network on just standard WPA. In the amount of time I took to write this, WPA would have already been hacked and I would have been an authenticated client on your network. WPA2 would at least buy you a few more hours.
 
Thank you. So what you're saying is it's hacked quicker than a WPA2, but still hackable but in longer time. Is it purely someone being able to use your wifi, or are there more sinister undertones?

Why when I asked my provider months ago did they tell me WPA is fine, and not suggest I use WPA2 instead. That option has been there for years!

Just read your earlier posts and you say WPA2 is easily cracked too, does that include the AES as well? What should you use?
 

WPA is fine if your friends who come over know nothing about computers and you live in a rural area. If you can see your neighbor's wireless signal then you should be using WPA2.

Anything can be hacked given enough time with the proper resources.

It's not a measure of can it be hacked? It's how soon until it's hacked. WPA2 gives you the best outcome with a best case of 12 hours before it's hacked. (Assuming it's best for you not the attacker). WPA is hacked by someone just "listening" to your network traffic, after enough packets are gathered they can essentially guess the 8 digit hex number or 16 to the power of 8 or ~4.3B combinations.

WPA2 isn't itself the target in WPA2 based attacks; the target is actually WPS (used for one touch setup of printers on your network) and is enabled by default on most routers today. WPA2 is well encrypted and very difficult to break on its own but WPS is the weak link as it only has 11,000 combinations of digits instead of the AES-256 encryption provided by WPA2.

WPS is enabled from within the router in case you'd like to turn it off.

But to put it bluntly, unless you run a multi-million dollar company from your computer at your house, no one cares about your data enough to wait 12 hours to get into it. They might spend 12 hours if they weren't willing to pay for Internet service and wanted to piggy-back on yours.

edit: In case you are wondering why 11,000 combinations takes longer than 4.3B combinations, the 4.3B is done locally. The 11,000 is done over a series of many, many, many packets which are already slow, then you might have to wait a few seconds for the connection to reset before you can try again. The 4.3B can be done without pausing, and a typical CPU is 2.0 GHz (or 2B operations per second per core thread). Since the average CPU is 2 cores with 2 threads @ 2.0 GHz, that's about 8 GHz (2 cores x 2 threads = 4 x 2.0 GHz = 8 GHz), so it may only take a half second to crack it.

11,000 takes longer because it's like writing a book except you have to walk to your neighbor's house for paper and let him check what you've already written before he gives you another sheet of paper so you can write the next page.
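
Added example, not part of any post in this thread: a Python sketch of checking what a router actually advertises after the change discussed above, by parsing the information elements of its beacon for original WPA, the WPA2 cipher choices and WPS. The element bytes are constructed sample data and the function names are made up for this illustration.

```python
# Cipher suite type -> name (same numbering in the WPA and RSN elements)
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}
VENDOR_OUI = b"\x00\x50\xf2"  # OUI shared by the WPA and WPS vendor elements

def iter_elements(buf):
    """Yield (id, body) for each 802.11 information element in buf."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) == length:  # skip a truncated trailing element
            yield eid, body
        pos += 2 + length

def pairwise_ciphers(body):
    """Layout: version (2), group suite (4), count (2), then 4-byte suites."""
    count = int.from_bytes(body[6:8], "little")
    suites = [body[o:o + 4] for o in range(8, 8 + 4 * count, 4)]
    return [CIPHERS.get(s[3], "unknown") for s in suites if len(s) == 4]

def audit(elements):
    """Return the settings worth changing for one access point."""
    wpa, rsn, wps = [], [], False
    for eid, body in iter_elements(elements):
        if eid == 48:  # RSN element, advertised by WPA2 networks
            rsn = pairwise_ciphers(body)
        elif eid == 221 and body[:3] == VENDOR_OUI and len(body) > 3:
            if body[3] == 1:  # vendor type 1: original WPA
                wpa = pairwise_ciphers(body[4:])
            wps = wps or body[3] == 4  # vendor type 4: WPS
    findings = []
    if wpa:
        findings.append("original WPA still offered: " + ", ".join(wpa))
    if not rsn:
        findings.append("WPA2 not offered")
    elif "TKIP" in rsn:
        findings.append("WPA2 accepts TKIP: choose AES only")
    if wps:
        findings.append("WPS is on: turn it off in the router")
    return findings

# Constructed sample elements (not captured from a real router).
SSID = "00 04 68 6f 6d 65"  # SSID element, "home"
MIXED = bytes.fromhex(SSID
    + "30 18 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000"  # RSN
    + "dd 16 0050f201 0100 0050f202 0100 0050f202 0100 0050f202"       # WPA
    + "dd 0e 0050f204 104a000110 1044000102")                          # WPS
AES_ONLY = bytes.fromhex(SSID + "30 14 0100 000fac04 0100 000fac04 0100 000fac02 0000")
print(audit(MIXED), audit(AES_ONLY))
```

The mixed-mode sample yields three findings; the AES-only sample yields none.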
 
Thank you for your help. Much appreciated. Astounding that the support that I called a few months back told me to just use WPA. Not 2
I've changed it over now, few initial glitches, disconnecting on and off a bit at the moment. Probably settling down though. Thanks again for explaining it!
 
Thank you. So what you're saying is it's hacked quicker than a WPA2, but still hackable but in longer time. Is it purely someone being able to use your wifi, or are there more sinister undertones?
Your network has multiple layers of security. First, they have to get past whatever protections exist on the network itself. Then, each device on a network has its own protections, built into its operating system, to prevent other people on the same network from accessing the device. That's what things like login passwords and sharing permissions are for.

Ultimately, nothing is immune to a determined hacker, but the question is, do you have anything worthy of their efforts? The more layers you add (or the fewer easy-access features you use), the safer things are. Unless the bad guys know you have something worthy of the effort, they're not going to waste a lot of time on you.

Why when I asked my provider months ago did they tell me WPA is fine, and not suggest I use WPA2 instead. That option has been there for years!
Pure ignorance on the part of whoever you spoke to at your provider. Per Wikipedia https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access :
WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2. WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.
A lot of time has passed since then. You think it's become more secure over time?

Just read your earlier posts and you say WPA2 is easily cracked too, does that include the AES as well? What should you use?
AES is not "easily" cracked at all. It's approved by the U.S. government for the transmission of top secret information (though these days, anyone using less than a 256-bit key with AES is taking a risk).

But you're mixing apples and oranges. AES is not a wireless communications protocol. It's an encryption cipher that is incorporated into many forms of data storage and communication. Data encrypted by AES can be transmitted across a network that uses WPA2, as a separate layer of protection.

If your data is traveling from your computer to a banking website (let's say), that data has to be secure from end-to-end, not just within your Wi-Fi network. That means the data leaves your computer in an encrypted format, and stays encrypted until it reaches its destination. There are protocols (TLS and SSL) for transmitting data securely. Those protocols can transmit data encrypted by a variety of methods (AES, for example).

Wi-Fi network security is a compromise, chosen to keep the cost of networking down (encryption slows down transmission, so you have to compensate by having faster equipment). The basic approach is, "Make access to the network reasonably secure. If you need to, make communication across the network separately secure."

Effectively, WPA2 is the lock on your front door. The lock on your front door doesn't prevent you from being robbed on the street. If you have large amounts of cash and jewelry inside the house, you may not want to depend solely on the front door lock - you may also want to have a wall safe.
 
Non-technical rule of thumb:
If you see your neighbor smiling in a sneaky way to you, know that he has put in the 12 hours to hack your wireless.
 

Thanks for this, you've both really gone above and beyond to explain. Much appreciated.
 