WiFi and Bluetooth Security Guide

WiFi: If a WiFi Network is left unprotected it can allow access to that network without the owner's permission or awareness. Firstly, this can result in lessened bandwidth as these users will require bandwidth for the data they are using. Further it can allow unauthorized users to communicate with other computers on the WiFi network. This can enable hackers, or other unscrupulous users, to attack computers on the network, or in other ways convince these systems to return information the network owner may not wish to have made public. For these reasons it's really a good idea to encrypt a Wi-Fi network in any way possible.

There are easy ways to secure WiFi networks. Firstly, most WiFi routers offer some means of password protection. Many also offer the option of creating networks that are invisible, although such networks are not hard to discover for professionals as, being wireless, these need to send out signals of some kind to other computers so they can communicate, and those need to identify the network. Many routers offer more advanced features as well including firewalls, port filtering, and other options to make the network un-standard enough that it would be difficult for unauthorized users to penetrate.

For password protection WPA, WPA2, and WEP are 3 available options to use. WEP is the oldest wireless security protocol. Because of this it is the easiest to compromise as it is very well-known, and many tools exist to compromise WEP networks. The successor to WEP was WPA, which was intentionally meant as a stop-gap kind of protection, and has since been replaced by the more secure WEP2. For many users the differences between these matter little. At the same time there is never any telling where an intruder may come from, so even in seemingly safe situations it is best to use the most secure options available.

If your WiFi network has been compromised the first step should be immediate removal of all computers from the network. There is a chance any machine attached to the network may have been compromised as well. For this reason not only should the network password be changed, but also those of the computers on the network. If a password protected network has been compromised then the network password itself may be known, as many available rogue programs will store this. For this reason one should NEVER use a common password for their network password, although in general using a single password for multiple applications should be avoided.

WiFi Resources:

What is WiFi - An overview of WiFi networks on different devices.

WIFI Technology - How does Wireless Fidelity Technology work?

Frequently Asked Questions About WiFi - A guide to WiFi from the Centre for Information Technology.

WiFi Security - Advice, and Tips, from the Federal Bureau of Investigations.

Shared Responsibility in WiFi Security - The legal concerns of WiFi security, and the responsibility of network admins and users.

What NOT to Do (pdf) - Common mistakes when securing WiFi networks.

Google Android & WiFi - A good discussion of the risks of WiFi networks and Mobile Phones.

Windows Registry Fix - Registry Problems can compromise WiFi and bluetooth connections. Useful website on Windows Registry issues.

What's Next for WiFi (pdf) - A still relevant discussion of enhancements to WiFi networking standards, some of which now are available.

The WEP Algorithm - A guide to understanding WEP Security.

Intercepting Mobile Communications (pdf) - The Insecurities of many mobile networks.

WPA vs WPA2 (pdf) - An examination of the advantages and disadvantages of both.

Bluetooth: Bluetooth is a wireless technology for communicating between devices. Cellphones can use bluetooth to communicate with headsets, or send address book information to computers. Keyboards and Mice can use bluetooth to communicate with computers. While this might seem innocuous, compromised bluetooth device could result in the loss of personal information or phone records. A compromised bluetooth keyboard could send all data typed on it to an intruder; giving access to any number of private communications.

Unlike WiFi, where there are multiple options for securing communications, all encryption with bluetooth is handled within the version of bluetooth one is using. Before Bluetooth 2.1 it was possible to opt not to use encryption which would enable easy access to bluetooth communications. Any devices using older protocol versions should be considered very carefully, or upgraded to use 2.1. Another advantage of the 2.1 protocol is that it fixes a problem where the encryption keys could be reused after they expired, meaning hackers could make use of the old key to gain access.

Bluetooth Resources:

A Guide to Bluetooth Security (pdf) - A bluetooth security introduction from the National Institute of Standards & Technology.

Dispelling Bluetooth Misconceptions - What Bluetooth is, what it isn't, and how it can be used.

Device Discovery In Bluetooth (pdf) - How Bluetooth devices discover, and communicate with, one another.

Understanding Bluetooth - Security tips for Bluetooth devices from US-CERT.

Security Weaknesses in Bluetooth (pdf) - A guide to what parts of Bluetooth security are lacking.

Analysis of Bluetooth Device Discovery (pdf) - Ways to speed up the discovery, and securing processing times when using Bluetooth.

The Bluetooth Standard - An overview of Bluetooth Technology.

Bluetooth Networking - How Bluetooth can be used to create computer networks.

Start a Blog - Good resource for learning how to start a new blog and post on topics ranging from Bluetooth and WiFi to Politics and Social issues.

Security for Wireless Networks - A generic security guide that addresses both Bluetooth, WiFi, and other types of wireless communications.

Bluetooth Technology in Medicine - How Bluetooth is used in medical applications, and some security implications of this.

Article last updated March 12, 2012.

Related Articles:

WiFi and Bluetooth Security Guide: