Internet, Networking, & Security Antivirus 96 96 people found this article helpful 4 Important Things to Know About Wi-Fi Security What can a hacker do with a MAC address? by Andy O'Donnell Writer Andy O'Donnell, MA, is a former freelance contributor to Lifewire and a senior security engineer who is active in internet and network security. our editorial process Andy O'Donnell Updated on April 30, 2020 Antivirus Browsers Cloud Services Error Messages Family Tech Home Networking 5G Antivirus VPN Web Development Around the Web View More Tweet Share Email Wi-Fi security is critically important, And just because you're using a wireless access point with encryption, doesn't mean you're safe. Hackers want you to believe that you are protected so that you will remain vulnerable to their attacks. Here are four important things you should know about Wi-Fi security. WEP Encryption Is Not Effective Protection WEP, which stands for Wired Equivalent Privacy is easily cracked within minutes and only provides users with a false sense of security. Even a mediocre hacker can defeat WEP-based security in a matter of minutes, making it virtually useless as a protection mechanism. Getty Images Many people set their wireless routers up years ago and have never bothered to change their wireless encryption from WEP to the newer and stronger WPA2 security. Encrypting your wireless network with WPA2 is a reasonably straightforward process. Visit your wireless router manufacturer's website for instructions. MAC Filters Are Ineffective and Easily Defeated Whether it's a computer, game system, printer, or another device, every piece of IP-based hardware has a unique hard-coded MAC address in its network interface. Many routers allow you to permit or deny network access based on a device's MAC address. The wireless router inspects the MAC address of the network device requesting access and compares it to your list of permitted or denied MACs. It sounds like an excellent security mechanism, but the problem is that hackers can "spoof" or forge a fake MAC address that matches an approved one. All they need to do is use a wireless packet capture program to sniff (eavesdrop) on the wireless traffic and see which MAC addresses are traversing the network. They can then set their MAC address to match one of that is allowed and join the network. Disabling Your Remote Administration Feature Works Many wireless routers have a setting that allows you to administer the router via a wireless connection. You can access all of the routers security settings and other features without having to be on a computer that is plugged into the router using an Ethernet cable. While this is convenient for being able to administer the router remotely, it also provides another point of entry for the hacker to get to your security settings and change them to something a little more hacker-friendly. Many people never change the default admin password on their wireless router, which makes things even easier for the hacker. We recommend turning the "allow admin via wireless" feature off so only someone with a physical connection to the network can attempt to administer the wireless router settings. Public Hotspots Are Often Not Secure Hackers can use tools like Firesheep and AirJack to perform "man-in-the-middle" attacks. They insert themselves into the wireless conversation between the sender and receiver. Once they have successfully added themselves into the line of communications, they can harvest your account passwords, read your email, view your IMs, etc. They can even use tools such as SSL Strip to obtain passwords for secure websites that you visit. We recommend using a commercial VPN service provider to protect all of your traffic when you are using wi-fi networks. A secure VPN provides an additional layer of security that is extremely difficult to defeat. You can even connect to a VPN on a smartphone to avoid being in the bull's eye. Unless the hacker is exceptionally determined, they will most likely move on and try an easier target.