The majority of households think that their home Wi-Fi network is sufficiently protected as long as a password is in place. However, a setting often left active by default opens the door to unauthorized connections, sometimes silently and without any visible alert. This setting, rarely modified after the installation of the box, can turn a private network into an easy target, even with a complex password.
During the installation of an Internet box, the user focuses on two points:
• the network name
• the Wi-Fi password
Once the connection is operational, few people explore the advanced settings. Yet, it is precisely in these parameters that the weak point is found. Some mechanisms facilitate the connection of devices… but also that of an intruder located nearby.
According to a study conducted by ANSSI, more than 57% of the home Wi-Fi networks analyzed have at least one setting unnecessarily exposing the network, despite active encryption.
The setting most often at fault is WPS left permanently enabled. Wi-Fi Protected Setup (WPS) allows a device to connect without entering the password, via a physical button or a PIN code.
On paper, the idea is appealing. In reality, this system relies on an 8-digit PIN code, whose structure significantly reduces the number of possible combinations. Automated tools can test these combinations in a few hours, sometimes less depending on the router.
Once WPS is exploited, the intruder gains full access to the network, without ever knowing the main Wi-Fi password.
Access to the Wi-Fi network is not limited to using the Internet for free. It offers much more:
• observation of unencrypted traffic
• detection of connected devices
• attempts to access internal equipment
• exploitation of vulnerabilities on connected objects
In a home equipped with cameras, voice assistants, or connected plugs, this type of intrusion can have serious consequences.
Analyses show that nearly 40% of home connected objects use poorly secured internal protocols, accessible once the local network is compromised.
The main reason is simple: WPS is enabled by default on many routers provided by operators.
This choice aims to reduce calls to technical support. Connecting a printer or a repeater becomes easier. But this ease comes at the expense of network control.
Another misleading point: the WPS indicator is only active during a connection, which gives the impression that the function is inactive the rest of the time, while it remains exploitable.
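Because the indicator light says nothing about whether WPS is still on, the reliable check is what the box actually broadcasts. The following is an added example, not part of the original article: it parses a Wi-Fi scan and reports every radio of your own network that still advertises WPS. The scan text is a constructed sample laid out like `iw dev wlan0 scan` output on Linux (an assumed format), and the SSID and BSSIDs are made up.

```python
import re

# Constructed sample, laid out like `iw dev wlan0 scan` output (assumed format).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tfreq: 2412
\tSSID: HomeBox-Example
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Config methods: Label, Display, PBC
BSS 02:00:00:aa:bb:02(on wlan0)
\tfreq: 5180
\tSSID: HomeBox-Example
\tRSN:\t * Version: 1
"""

PIN_METHODS = {"Label", "Display", "Keypad"}  # WPS methods that rely on the PIN

def parse_scan(text):
    """Return one dict per BSS block: bssid, ssid, wps flag, config methods."""
    entries, cur = [], None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-fA-F:]{17})", line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": None, "wps": False, "methods": []}
            entries.append(cur)
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
        elif s.startswith("WPS:"):
            cur["wps"] = True  # a WPS element is present in this BSS's frames
        elif cur["wps"] and "Config methods:" in s:
            cur["methods"] = [x.strip() for x in s.split(":", 1)[1].split(",")]
    return entries

def audit(text, my_ssid):
    """List every radio of my_ssid that still advertises WPS, with its PIN methods."""
    return [{"bssid": e["bssid"], "pin_methods": [x for x in e["methods"] if x in PIN_METHODS]}
            for e in parse_scan(text) if e["ssid"] == my_ssid and e["wps"]]

if __name__ == "__main__":
    for hit in audit(SAMPLE_SCAN, "HomeBox-Example"):
        print(f"{hit['bssid']}: WPS still advertised, PIN methods: {hit['pin_methods'] or 'none listed'}")
```

After disabling WPS in the box settings, run the audit again on a fresh scan of your own network: an empty result means no radio of that SSID advertises WPS any more. In the sample, only the 2.4 GHz radio is flagged, which is why each BSSID is checked separately.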
Some households are more concerned than others:
• apartments in dense buildings
• houses close to the public road
• urban areas with a high concentration of networks
• homes equipped with many connected devices
In these environments, a Wi-Fi network is detectable from the outside, sometimes several tens of meters away. Access attempts often go unnoticed because they do not immediately disrupt the connection.
A compromised network does not always show obvious symptoms. However, some signs should attract attention:
• occasional drops in speed without apparent reason
• unknown devices visible in the box interface
• random disconnections of certain equipment
• abnormal data consumption
In more than 60% of the cases studied, users do not realize that their network has been used by a third party until several weeks later.
Many think that a long and complex password fully protects the Wi-Fi network. This is only true if all alternative connection methods are disabled.
WPS completely bypasses this protection. Even with a 20-character password, a router vulnerable to WPS remains exploitable.
This is one of the reasons why some experts consider this parameter the number one weak point of modern home networks.