WiFi

[sg31]

I've never switched the WiFi on my router because of security concerns, possibly misguided but there were scare stories around at times.

I now need the WiFi on to use a mobile phone over the internet as I live in an area with no mobile signal. My concern is that I have a lot of bank accounts and share dealing accounts that I control over the internet and worry about my details being stolen while I'm online.

Currently I have a desktop which is used for all financial transactions of whatever type. It doesn't have WiFi and never leaves the house, it is protected by the house security cameras and alarm. It connects to the router via a cat 6 cable.

There are 2 laptops in the house these connect to the router by homeplugs. No transactions of any kind take place on these, they have WiFi which is enabled but the router WiFi is turned off. The laptops are used away from the house and obviously there is a risk they might get stolen.

My mobile will use the WiFi when it is enabled, obviously. I doubt I will ever use it for financial transactions.

Will turning on the WiFi at the router present any risks?

How can I remove them?

Would a VPN reduce the rik? I'm not sure how a VPN works

[swill453]

Negligible risk of anyone interfering with your banking. Some risk of a neighbour stealing some of your broadband bandwidth if they know the password.

Hundreds of millions of people do it, problems are rare.

Scott.

[chas49]

Negligible risk of anyone interfering with your banking. Some risk of a neighbour stealing some of your broadband bandwidth if they know the password.

Hundreds of millions of people do it, problems are rare.

Scott.

I was pretty much typing the same thing. If it's a modern-ish router using WPA2, and you change the password from the defualt one (printed on the router probably), the likelhood of hijack in that way is even smaller. You can even change the SSID name, and stop broadcasting it - so only someone who already knows the name of your ntework can even try and connect - and they also need to know the password.

[didds]

the only risk turning wifi on has with regards to what you described is it COULD provide connection to your local network by somebody "outside but very close" to the house [1] that attempts top connect to your SSID (wifi network name) AND guesses/finds your password.

And even then they would need to gain access via that wifi network to your PC
Which would require some pretty weak security on said PC
And if having then accessed the PC the access to online banking websites used a login with saved credentials eg you load the website and it autiomatically logs you in because you saved the login credentials.

In these regards the same issues would arise if somebody was inside the house and had access to the PC ie was sat at it.

[ 1 ] or they are inside the house!

So - ioverall id say you are pretty safe. But if you really wanted to be sure yopu could o all or some of the following

* set your SSID (ie in the router's config) to HIDE the SSID ie not broadcast its existence so that it cannot be seen by a random wireless network scan
* change the SSID's password to something complex that only you know and if you have to write it down (because it is random and complex) put (hide) that information well away from the router and dont label it anything that dientiofies it ( eg not in an encelope marked "SG31 ROUTER WIFI PASSWORD TOP SECRET" ) so that if anybody managed to get iside your house and find the router they cant sue the default password thatc ame with the router

* password protect your windows/linux/whatever account with a complex password only known to you
* set the screenlock to come on at a suitably small time lag
to avoid open access to others that gain access to the PC

* BIOS password protect the PC to protect the PC once its rebooted

* NEVER EVER EVER store account details in web browsers for ANY websites you dont want anybody else to have access to. Thus preventing anybody that has gained access to the PC, from just laoding the bank website and gaining immediate access.


Allied to the above you could also

* turn the router off exacept dfor when you need the internet
* turn the PC off whenever you dont actually use it
* physcially lock the access to both router and PC when not using them etc

There is till the potential for some snopping of traffic by a 2nd/3rd party to your internet traffic when doing your banking online (needing wifi etc access anyway still) but assuming your bank website uses https youve pretty much done as much as you can. Once you are dealing with that level of "hacking" you are talking about pretty sophisticated hackers. its really about making access as dicciult as you can to start with.

Your level of paranopiai will find where you wish to sit in that list above. Im sure others can come up with other suggestions also.

cheers

didds

[fourtwentyfour]

Last post is very interesting, thanks.

I am nervous about radio signals in the environment and do not use wifi in the house. Well, the mobile is a problem, but I keep away from it in the daytime if I can, and turn it off at night.

I once noticed that my router/hub, when it was enabled for wifi, was right next to the cat, and so I immediately turned it off. The cat is more important than convenience.

[Breelander]

Will turning on the WiFi at the router present any risks?

How can I remove them?

As others have said the risks are negligible, particularly if you change the WiFi access code from the default. While you're there, it would be a good idea to change the router admin password from the default too.

[mc2fool]

I will add to the sage advice above that most routers will also let you limit which devices can connect via WiFi to specific hardware addresses (MAC address), so you can easily set it up such that, even if they get past the other protections mentioned, only your mobile phone can connect to the WiFi. (Yes, MAC addresses can be spoofed, but that's another level of "unlikely").

You can also (usually) limit the number of LAN IP addresses allocated and give static IPs to specific MAC addresses, and have those take up the whole number allocated. So, if you setup the router to allocate only, say, 192.168.1.1 to 192.168.1.5 and those are assigned respectively to your router, desktop, laptop 1, laptop2 and mobile phone, then anything else that does connect (by any means, WiFi or wired) won't get an IP address.

[Infrasonic]

As the WiFi question has pretty much been covered there are some further security things you can do.

On more recent phones you can randomise your MAC address over WiFI connections, which helps stop you being tracked even when you have browser block extensions for all the other stuff in place.
Some have it as the default over WiFI but it's worth checking in settings. When I checked my phone it was 50/50 so I had to manually change some.
If you need whitelisted MAC addresses to access certain services you'll want that to be fixed to the real device MAC in those instances.
Same with PC's et al although you might have to jump through some hoops with W10 home as they changed MAC randomisation a while back.

Another one is to set a boot password in the BIOS/UEFI (in addition to any other login passwords you may have in your OS).
On a mobile you can set a SIM lock password as well as a separate OS login, so if your phone got stolen another SIM wouldn't work without the lock code. You can get also tracking apps. that sit at the firmware level (so reinstalling the OS won't break it) if you really need that level of peace of mind.

If you keep sensitive information on your PC's/phones/tablets look into encryption of either entire drives or specific folders/files + any local backups.
Many OS' have basic built in encryption options these days or there are popular third party choices. For a closed system it's pretty simple, if you need to share sensitive encrypted info with others it can get more complicated.

That can be carried over to zero knowledge end to end encrypted 'offsite' backups in the cloud, which should protect you against things like a house fire taking out all your local data. Zero knowledge means only you have the encryption keys, so even if the cloud provider got compromised they don't have any way of decrypting your data. Of course if you forget/lose your passwords you're snookered...

[jackdaww]

Last post is very interesting, thanks.

I am nervous about radio signals in the environment and do not use wifi in the house. Well, the mobile is a problem, but I keep away from it in the daytime if I can, and turn it off at night.

I once noticed that my router/hub, when it was enabled for wifi, was right next to the cat, and so I immediately turned it off. The cat is more important than convenience.

==========================

re health risks.

we have been surrounded by radio waves and other electromagnetic radiation for 100 years or more .

the signal strength from these is extremely low in the house.

what the danger level is i dont know .

the most common strong signal will be from a mobile fone held close the ear.

on speakerfone the level falls off by the square ( i think ) of the distance , so less of a risk.

i doubt that your wifi router has the power of your mobile, which has to strong enough to reach the mast possibly several miles away, the router range is perhaps 25 metres, and its probably not located close to you .

just making the comparison.

[Urbandreamer]

I would agree with all those who argue for the safety of WiFi.

HOWEVER:

There may be an alternative if you really don't want to use WiFi, possibly due to a fear of the letter W.
You may be able to use a USB ethernet adaptor and plug your "mobile" phone in just like a computer.

I tried this google for examples.

https://www.google.co.uk/search?sxsrf=A ... ent=psy-ab

and found this article.
https://www.wirelesshack.org/how-to-con ... ction.html

[AF62]

I will add to the sage advice above that most routers will also let you limit which devices can connect via WiFi to specific hardware addresses (MAC address), so you can easily set it up such that, even if they get past the other protections mentioned, only your mobile phone can connect to the WiFi. (Yes, MAC addresses can be spoofed, but that's another level of "unlikely").

You can also (usually) limit the number of LAN IP addresses allocated and give static IPs to specific MAC addresses, and have those take up the whole number allocated. So, if you setup the router to allocate only, say, 192.168.1.1 to 192.168.1.5 and those are assigned respectively to your router, desktop, laptop 1, laptop2 and mobile phone, then anything else that does connect (by any means, WiFi or wired) won't get an IP address.

To raise the point that with IOS14, Apple devices automatically randomise the MAC address they present for a WiFi connection unless you tell it to do otherwise.

Just thought I would mention in case someone did as as suggested and then wondered why on earth their Apple device would not connect a second or subsequent time.

[sg31]

I would agree with all those who argue for the safety of WiFi.

HOWEVER:

There may be an alternative if you really don't want to use WiFi, possibly due to a fear of the letter W.
You may be able to use a USB ethernet adaptor and plug your "mobile" phone in just like a computer.

I tried this google for examples.

https://www.google.co.uk/search?sxsrf=A ... ent=psy-ab

and found this article.
https://www.wirelesshack.org/how-to-con ... ction.html

Can I make sure I understand what you are saying? If I use one of these USB ethernet adaptors I can connect my phone direct from it's micro USB port to say a homeplug and that will give me mobile over the internet without connecting to my computer or turning on WiFi. If so it solves a lot of problems.

My phone has Android 9 (pie) so should be ok.

[Urbandreamer]

Can I make sure I understand what you are saying? If I use one of these USB ethernet adaptors I can connect my phone direct from it's micro USB port to say a homeplug and that will give me mobile over the internet without connecting to my computer or turning on WiFi. If so it solves a lot of problems.

My phone has Android 9 (pie) so should be ok.

That was what I was saying. However not all phones support the feature. Nor do all adaptors work with phones.
I am certain that it wouldn't work with my phone (Blackview A60) as the phone wont recognise USB sticks or keyboards when plugged in.

All I can suggest is making the attempt. I'd recommend checking the OTG (on the go) functionality first.

I seem to recall that you may have a Nokia 2.3 which does support OTG.
https://latestmobilefaq.com/nokia-2-3-f ... unlock-4k/

Here is a video of someone struggling, but getting it to work.

https://www.youtube.com/watch?v=maSO00G1ByI

[sg31]

That was what I was saying. However not all phones support the feature. Nor do all adaptors work with phones.
I am certain that it wouldn't work with my phone (Blackview A60) as the phone wont recognise USB sticks or keyboards when plugged in.

All I can suggest is making the attempt. I'd recommend checking the OTG (on the go) functionality first.

I seem to recall that you may have a Nokia 2.3 which does support OTG.
https://latestmobilefaq.com/nokia-2-3-f ... unlock-4k/

Here is a video of someone struggling, but getting it to work.

https://www.youtube.com/watch?v=maSO00G1ByI

Yes it's a Nokis 2.3. I'll have to see if I can find an adaptor that works with the Nokia. If I can get that sorted I'll give this a try.

Thanks.

[Infrasonic]

Another option that might work if you really want to avoid WiFi at any cost would be to share your internet connection from your pc/laptops via USB to the phone.
W10 here...https://www.google.com/search?q=sharing ... e&ie=UTF-8

[sg31]

Another option that might work if you really want to avoid WiFi at any cost would be to share your internet connection from your pc/laptops via USB to the phone.
W10 here...https://www.google.com/search?q=sharing ... e&ie=UTF-8

Wouldn't that risk someone accessing my desktop through my phone wifi? Sorry if that is a stupid question, I'm a bit out of my depth here.