The convenience of wireless networks brings the risk of unauthorized access, known as piggybacking. Piggybacking occurs when someone connects to a wireless network without the authorization of its administrators.
What is piggybacking in cybersecurity?
Piggybacking in cybersecurity refers to using a wireless network without permission. When a Wi-Fi network is not protected with a password, anyone within its wireless range can connect. Unauthorized individuals often exploit this vulnerability, connecting to networks without the knowledge or permission of the network owner.
Piggybacking most commonly occurs in public places, such as coffee shops or businesses, where Wi-Fi networks can be accessed outside the premises. In these cases, individuals close to the network can easily connect and compromise its security.
How does piggybacking work?
To engage in piggybacking, the perpetrator must physically be close enough to the network router to connect their device. Once in range, the network name will appear on their device's list of available networks. There are two primary ways in which unauthorized access can be gained.
Unprotected networks
The piggybacker can connect immediately if the network has not been protected with a password. This is the most common form of piggybacking, as many Wi-Fi networks are left unsecured by their owners.
Password-guessing or obtaining
If a password is required, the perpetrator can guess the password or find it out through various means before accessing the network. Weak or easily guessable passwords are particularly vulnerable to this type of attack.
Read also: Updated password guidelines by NIST
Risks associated with piggybacking
Piggybacking poses several risks to both individuals and organizations. Understanding these risks is necessary for taking appropriate preventive measures. The following are some of the key risks associated with piggybacking:
Unauthorized data access
When someone piggybacks on a network, they can access sensitive information transmitted over it. This includes personal data, login credentials, and confidential business information.
Malware injection
Piggybacking provides an opportunity for perpetrators to inject malware into the network. Once inside the network, they can spread malware to connected devices, compromising their security and potentially causing significant damage.
Network performance degradation
Additional unauthorized users on a network can lead to a decrease in network performance. As more devices connect to the network, available bandwidth is divided, resulting in slower internet speeds for legitimate users.
Legal implications
Unauthorized access to networks is illegal in many jurisdictions. Engaging in piggybacking can lead to legal consequences, including fines and even imprisonment, depending on the severity of the offense.
Read more: What is malware?
Piggybacking prevention techniques
It is important to implement effective prevention techniques to protect against piggybacking attacks and mitigate the associated risks. The following best practices can help safeguard your network:
Secure your Wi-Fi network
The first step is to secure your Wi-Fi network with a strong password. Use a combination of uppercase and lowercase letters, numbers, and special characters to create a complex password. Avoid using easily guessable passwords such as birth dates or common words.
Change default router settings
Hackers often exploit default router settings with known usernames and passwords. Change your router's default login credentials to unique and secure ones to prevent unauthorized access to its settings.
Enable network encryption
Utilize encryption protocols to encrypt the data transmitted over your network. Encryption ensures that even if someone manages to connect to your network, they won't be able to decipher the data being transmitted.
Disable remote management
Disable remote management features on your router to prevent unauthorized access to its settings from outside the network.
Regularly update router firmware
Keep your router's firmware updated to ensure it has the latest security patches and bug fixes. Routinely check for firmware updates from the manufacturer's website or enable automatic updates if available.
Monitor connected devices
Regularly check the list of connected devices on your network to identify unauthorized users. If you notice any unfamiliar devices, remove and block them immediately.
Educate users
Educate yourself and others about the risks of piggybacking and the importance of network security. Teach family members, employees, or colleagues about best practices for securing their devices and networks.
Related: How to identify and prevent malware in healthcare
Piggybacking vs. tailgating: Understanding the difference
While piggybacking is commonly associated with unauthorized Wi-Fi access, it can also refer to physically accessing a restricted area through social engineering.
In a piggybacking attack, the perpetrator convinces someone to give them access to a physical location by pretending to have a legitimate reason, such as impersonating an employee. Conversely, tailgating involves following closely behind an authorized person to gain entry to a restricted area.
Read more: What is a tailgating attack?
See also: HIPAA Compliant Email: The Definitive Guide
Farah Amod
