Until KRACK is fully fixed, everyone needs to pay extra attention to WiFi security, and the cornerstone of any WiFi security approach is strong access control. If you’d like to learn how to see who is on your WiFi, this article is for you.
Recently, two Belgian researchers discovered a critical vulnerability in the Wi-Fi Protected Access II (WPA2) implementations on most wireless networking devices that use the protocol. The name of this vulnerability is KRACK (Key Reinstallation AttaCK), and it allows attackers to steal sensitive data, including passwords, credit card numbers, or chat messages.
There are several clues that can help you indirectly detect that someone is using your WiFi. If you’re lucky, you might even be able to tell who that person is without using any special tools to directly analyze your wireless network.
If your download and upload speeds are consistently below what they should be, the chances are that someone is on your WiFi, using it to download stuff from the Internet. But don’t be too quick to jump a conclusion because a single slowdown can be caused by a number of different things, such as a background update process or even a regular maintenance task executed on your router.
A sudden connection drop could mean that someone is trying to join your wireless network, most likely using rather brutish means to guess the password, overwhelming your router and causing it to be unresponsive.
When you log in to the admin interface of your router and see unknown devices on the list of attached devices, it could mean that someone who definitely shouldn’t have access to your wireless network is using it to access the Internet. But depending on how your router stores login information, the attached devices could also just be smartphones and wearables belonging to the people who have visited your house before.
If you don’t depend on fast Internet access and are a generous person by nature, you might be wondering, “Why should I care who’s on my WiFi in the first place?” The answer to this question has everything to do with security and privacy.
As you may know, most modern wireless networks are encrypted. Wireless encryption ensures that anyone who doesn’t have the encryption password can’t snoop on you and possibly steal your private information. When someone joins your wireless network, either because the person has managed to steal your password or because you gave the person the password yourself, the encryption stops affecting your security with respect to them.
Depending on how your computer and other devices are configured, a stranger who joins your WiFi might gain access to the files that you share among computers, printers, and other connected devices. While it’s certainly possible to restrict access to these files, most people lack the required know-how, and it’s almost always easier to stop the intruder before the gates rather than allowing him or her to enter the town and then locking every door individually.
But perhaps the most important reason why you shouldn’t let strangers use your WiFi is security. The sad truth is that most computer users have terrible habits when it comes to security and seldom take even the most basic security precautions.If someone on your network gets infected by a dangerous strain of malware, the malicious software could spread to other computers and devices on the network. Some types of malware focus specifically on WiFi routers, either using their resources for malicious purposes or taking advantage of their central role to attack as many people as possible.
By far the simplest way how you can answer yourself the question “Who’s on my WiFi?” is by checking your router’s logs. Virtually all routers keep some sort of a record of past and current connections, usually stating both the IP address of every connected device and its name.
If you notice that an iPhone 8 is connected to your home wireless network even though you don’t own a single Apple device and are sure that neither do your friends and family, it’s possible that the iPhone belongs to someone who has no business being on your network.
If your router allows you to disconnect a connected device from the admin interface, don’t hesitate to do so. Just remember to also change your password otherwise the intruder might reconnect the second you go back to minding your own business.
We also encourage you to download a comprehensive WiFi analysis application, such as NetSpot, to understand the reason why someone has successfully joined your wireless network. NetSpot can create an easy-to-understand heat map of your wireless signal strength so you can determine how far from your router someone could be and still have access to your wireless network.
What’s more, NetSpot can also give you accurate information about the security of your wireless network as well as the channel on which the network is broadcasted. With the information provided by NetSpot, it’s easy to optimize your WiFi so that strangers can’t steal your bandwidth anymore.
A lot of sensitive information is being sent and received over wireless connection: passwords, identity information, payment card credentials, private correspondence, etc. A vulnerability exploit attack on WPA2 — one of the most secure protocols for wireless networks — can intercept and get hold of this important information.
Keeping your security protocol as well as your devices hardware up-to-date is rather important in order to not fall a victim of such an attack.
Here are a few ways to detect if someone is connected to your WiFi:
It is of course up to you, but we wouldn't recommend letting strangers use your WiFi. You might be lucky and someone is just looking for a free way to browse some basic stuff online and disconnects quickly. But what if someone connecting to your network is already infected by malware that spreads over WiFi? To avoid dealing with such an unpleasant situation, we'd recommend keeping your network password-protected and only letting in those people you know personally.
By far the simplest method to find an answer to “Who’s on my WiFi?” question is to check the logs in your router's admin console. Usually you log in by entering your router’s IP address into a web browser search box. Then log in to your router with your credentials, default ones are usually indicated in router's documentation (and yes, it is best if you have changed them!).
Once logged in, find a section dedicated to connected devices and compare their IP or MAC addresses, as well device names to the ones you have. Kick out the ones that look suspicious.