How to Detect if Someone's Stealing Your WiFi

Before you can detect if someone is ripping off your wireless internet connection, it's important to understand some basic computer networking lingo. For more information on how to set up a wireless network, take a look at How WiFi Works. Now, let's look at a few of the areas in a wireless network that will give you a baseline for determining if your WiFi signal is being sapped unexpectedly.

A wireless network is comprised of a broadband internet connection from a DSL, cable or satellite modem. You attach the modem to the wireless router, which distributes the signal and creates a network.

This is what's called a local area network (LAN). This LAN is where you set up computer peripherals such as your desktop or laptop computer and printer. Your router will have what's called a dynamic host client protocol (DHCP) table. In essence, your DHCP table is your guest list of every allowed piece of computing equipment.

Each device has its own media access control (MAC) address. Think of this as its signature. Your router uses these addresses to assign each machine on your network an internet protocol (IP) address. The MAC and IP addresses of your equipment will be useful in a moment when we look at ways to detect whether or not someone is stealing your WiFi. For a more in-depth understanding of IP addresses, read What Is an IP address?

There are also a couple of important terms related to WiFi that you should know. A service set identifier (SSID) is the name that identifies a wireless network. By default, this will probably be the name of your router — Netgear, Arris or ASUS or something similar — but you can have fun by changing it to something more personal or creative, like My WiFi Only, or anything you like.

There are a number of WiFi varieties out in the wild, including 802.11n, which is capable of up to 600 megabit per second data transfers. 802.11ac is another standard, which allows for wireless speeds of over one gigabit per second. The latest and greatest in WiFi is 802.11ax, which can work at speeds of up to 3.5 gigabits per second [source: Weinberg].

Note that in an effort to simplify all the gobbledygook jammed into WiFi names, the Wi-Fi Alliance updated its taxonomy in 2018. Now, 802.11ac is called Wi-Fi 5, 802.11n is Wi-Fi 4, and 802.11ax is Wi-Fi 6. The older versions, like 802.11b, remain as-is [source: Shaw].

If you're confused by some of this computer mumbo jumbo, don't be. What's important is that you know what to look for when we get ready to diagnose your WiFi connection.

OK, it's time to get down to it. Is your wireless network running slowly? Do you have intermittent losses in internet access and you can't figure out why? First, take a breath. In all likelihood, no one is stealing your internet. Tons of things could cause a slow connection. Your internet service provider might be having issues or is overloaded with traffic. Your WiFi router might be experiencing interference from other electronics, or simply be having trouble penetrating the walls and furniture of your home to get a wireless signal to your computer.

There's only one thing you need to prevent 99.9 percent of wireless squatters from using your internet connection: a password.

The most basic element of wireless security is an encryption protocol such as WPA2, or WiFi Protected Access. Older standards like WEP and the first generation of WPA have been phased out for the more secure WPA2, which is itself now slowly being replaced by WPA3.

WPA3 is the third and most recent iteration of WPA security, introduced to the marketplace in July 2020. Because this standard requires certain hardware specifications, many millions of older WiFi devices yet aren't able to use it. Expect WPA3 to become much more common in the next couple of years as WPA2 is gradually made obsolete [source: Froehlich].

You don't need to know anything about how the encryption works — you just need to set up WPA2 (or if you're an early adopter, WPA3) security on your wireless router and set a password for the network. Make it something you can remember that's not easy for others to guess (please don't use "password" or "12345!") and you'll be well on your way to security [source: WiFi Alliance].

So how do you configure your password? Well, that varies by the type of router you have, but most WiFi routers are accessible from a connected device via the address http://192.168.1.1 in a web browser. (Note, if you have a device that is a combo of modem and router, these instructions will work too.) Logging in is usually easy, too, as most router manufacturers use a simple pair of words like "admin" and "root" for the device's username and password (you should be able to find this information in the manual). That will take you to a management tool where you can change all kinds of settings, including your wireless security.

That tip might set off a little security alert in the back of your head. "Wait, a minute," you think. "If most routers use the same local address and username/password, couldn't anyone get in there and mess with my security settings?" Well ... yes! Without a password, your wireless network is open for anyone to hop on. But a password isn't quite all you need to be totally secure. You should also change the router's login information to something aside from the usual "admin." That will keep virtually everyone from messing with your router — but let's take a look at how to detect a WiFi leech, just in case.

With WPA2 security enabled, it's unlikely anyone will ever piggyback on your network. But there's an easy way to spot squatters: Since every device connected to your network has a unique IP address and MAC address, you can easily see a list of connected devices — often listed as "clients" — on one of the settings pages for your wireless router. Many devices broadcast an ID because they've been named by their owners, so if you see "John's Laptop" connected to your network and you don't have a John in the house, you've found trouble! Even if a device doesn't show a name in the router's client list, you can count the number of devices connected and compare to the number of devices you know should be there to see if the numbers are off.

Want to make absolutely sure no one's going to figure out your password and worm their way onto your network? You have a few options. Your router can hide its SSID, meaning it won't show up for anyone searching for connectable networks. The address will have to be entered manually.

You can also set up a wireless MAC filter to "whitelist" devices you own, disabling access for anyone else. Of course, this makes it a bit tougher for welcome guests, such as friends, to get online at your house.

But that still leaves the burning question – what do you do if you think someone is routinely using your WiFi without your permission?

If you suspect someone's stealing your WiFi, you have a number of detective tools at your disposal. For starters, you could simply shut off all of your WiFi devices, like your phone and your laptop – and then watch for blinking lights on the front of your router. If the router seems to be showing data transfer even with your family's devices powered down, you may have a piggybacker nearby.

You can also smartphone apps like WiFi Thief Detector or for iOS users, WiFi Guard, which help you spot intruders.

Internet monitoring software is another option. A program such as Wireless Network Watcher lets both Windows and MacOS users keep tabs on all connected devices and potential suspicious activity. When you launch the program, you'll see your computer nicknames, as well as manufacturer brands of the devices that are connected. If you're still confused (perhaps because you have so many devices), you can turn off each one and watch as it disappears from the list. If you power down all of your WiFi gadgets and still see active devices, you're a step closer to identifying a potential problem.

If you can't identify a device on your network, simply change the password. You'll have to reauthorize all of your WiFi devices with the new password, of course, but this is quickest and easiest way to resecure your network and get peace of mind [source: Gordon].

As long as your network has a strong and unique password, only a hacker using specialized software is going to get past your security. A simple Google search will reveal just how many password hacking resources are available to criminals.

For example, technology site Ars Technica has detailed how a $2,500 program called Silica can be used in conjunction with websites containing dictionaries of millions of words to connect to a secured network and crack its password.

Hashcat is another popular password hacking tool. Like Silica, it's paired with databases of millions of the most popular password combinations until it figures out the correct password. It works – and it's extremely easy to do, even for novice hackers [source: Porup].

But there's still an effective and efficient way to stop most hackers in their tracks: Use a secure password. The longer and harder to guess, the safer your network will be. With a strong password, you shouldn't ever have to worry about keeping tabs on who connects to your network. Piggybackers will have to find someone else to mooch off of.

Originally Published: Apr 30, 2009