Stop thieves from stealing your Wi-Fi bandwidth

The writer shares his learning experience on tweaking his home’s broadband Wi-Fi routers, after experiencing problems with his home webcam which he traced to a lack of bandwidth. If you do not take steps to safeguard your Wi-Fi network from thieves you will always have bandwidth problems which will affect the internet experiences of legitimate users. That is despite you paying around RM150 – 200 a month for the service!

To safeguard our house, especially when I was living close to 450 km away in Penang (from 2015 – end of 2016), I installed a couple of low cost but very reliable Xiaomi Yi Smart Webcam which worked on our home Wi-Fi network. I could, using my smartphone in Penang, watch over the key areas of my house in USJ! In fact I liked this model so much that I bought over 10 of these to be put around my former college to ensure that key installations and key exits were “guarded”. It put the night security staff on “higher alert” as my team and I would be monitoring these webcams periodically using our smartphones and took necessary actions accordingly.

Difficulties for webcam to access home wi-fi network

Things went well on the homefront in USJ but we did face periodic break in webcams connection to the network. The problem got worse in the last 10 months and at times in the evening till late night, the webcams would be blinking (meaning the gadget was working but could not log onto the home wireless network). We blamed everything from the hardware to Xiaomi’s server (which I think serves as the relay for the access from our mobile phones). It was then that I realized that it could be that thieves (or at least a thief) was/were stealing our bandwidth and this was the cause of the blinking smart webcams. I went on a search to find ways to strengthen the security of my home Wi-Fi network.

I have Telekom Malaysia’s Unifi service since 2012 and thus when I searched for instructions to manage my D-Link DIR-615 router on Google, I got a lot of instructions, but all were for newer versions of routers with the same name. I do not know why D-Link is so lazy as to not name newer versions of the same hardware slightly differently. An addition “C” or “E” or whatever after “615” would have made life easier for users.

So all those instructions and Youtube videos on how to manage D-Link DIR 615 router that I Googled were useless to me. I had to do this by trial and error and I was on my own. So if you own an old orange coloured TM-issued D-Link DIR 615 router modem, this is for you!

IMG_20170913_170532.jpg

If you have a router that is newer, then the information I have may not be fully applicable to you and you may still get instructions by Googling. But the principles are the same.

Gain access to administer the Wi-Fi router

For DIR-615, (and I think for most routers) the default to access the admin functions is just type in 192.168.0.1 as the URL for your browser.

The “underbelly” of routers usually carry information on how to access the admin functions.

Change your Wi-Fi admin password

This should have been done by me in 2012 but I somehow missed this step. So the thieves around my neighbourhood could easily guess the default was “ “ (D-Link says, “leave the field blank”). The standard-issued username was of course “admin”.

While the firmware does not allow one to change the username from “admin”, one should change the admin’s password to something more complicated using combination of “spaces”, capital letters, numbers and special characters like “#” etc.

But if you have not changed the admin’s password on the onset, the thieves would have been able to settle in and still bypass your Wi-Fi password even you have, like I did, changed this to something more complicated. It is like having the front door locked but leaving the backdoor wide open!

This is how you can change the admin’s password on the old D-Link DIR-615 router (2012 vintage):

073f6d97-b7d8-4c8b-9fb6-480d16fcad54.png

After you have logged in using the default admin access credentials….

Go to MAINTENANCE (among the top tabs) and you should be at Device Administration (on the left hand sidebar) by default. Change the admin’s password under “ADMIN PASSWORD” as shown above.

Change the Wi-Fi password

Although you would have put in a password when your Wi-Fi router was installed, like me, this could be a good few years back. It is necessary for this password to be changed! For the TM version of D-Link DIR-615 router, this can be done, relatively easily as follows:

97eafdf4-2fa0-4993-899c-3f64e4b0f4a0.png

From the “home” screen, go to SETUP and choose Wireless Setup on the left sidebar (as shown). You need to scroll down the screen to reach the sections of this screen that you want.

facb5342-c7b0-423d-bb62-fe97f45de62d.png

If you have more than one Wi-Fi router connected (including Wi-Fi extenders), you will need to look for MULTIPLE WIRELESS NETWORK SETTINGS. Under “Wireless Network Name” you should be able to find the names of the routers and you should choose the one that is given to DIR-615.

Next, go down one section to WIRELESS SECURITY MODE and at the drop down list, select “Enable WPA/WPA2 Wireless Security (enhanced)”.

Then move one section down to WPA/WPA2 and under “Network Key”, put in your new Wi-Fi access password. Do choose some phrases or names that are not common. You should also use a combination of UPPER CASE, lower case, special characters (like !@#$%) and numbers. Jot this down somewhere so that you need not remember this. But do remember where you have written down this new password!

Of course, your password is as strong as you are able to keep it a secret. If you or your family members share this password with the neighbourhood, sooner or later thieves will gain access and scrounge on your bandwidth!

So is there a way to NOT rely fully on Wi-Fi password as the gatekeeper? Luckily for us, there is. It is called MAC address.

 

MAC filtering to the rescue

Every piece of modern electronic equipment that can connect to the internet should come with its own Media Access Control (MAC) address, i.e. a unique set of identification characters that come in 6 “pairs” of characters (e.g FF), numbers (e.g 28) or one of each (e.g. G8). This allows a router to be set on MAC filtering mode which only allows intended devices with MAC addresses registered (manually by the Administrator) access to the Wi-Fi while keeping away thieves on the prowl!

Get the MAC addresses of your devices first

Before you start to activate MAC filtering, you should go and check out the MAC Addresses of all the mobile devices that your household has and jot these down in a physical notebook. Different operating systems will have different places where MAC Address of the device can be found.

For Android phones, this is “buried” under Settings → About phone → Status → WLAN MAC address.

For Kindle, you need to go to Settings → Wireless → Wi-Fi → select the top right “3 bottons” for additional settings → Advance Wi-Fi where MAC address is located.

For iOS devices, this site gives a very simple way to locate your MAC address.

Whichever device that you have, MAC address “comes” in as a “standard issue” for any Wi-Fi capable device and with a bit of probing, you should be able to find it. Once you have all the MAC addresses of your mobile devices which need Wif-Fi access, you can proceed to enable MAC filtering.

Relatively straightforward MAC filtering for TM’s DIR-615

MAC filtering1.png

You should choose ADVANCED → Advanced Wireless (on the left side bar).

MAC-filtering2.png

Next, go to the section named WIRELESS MAC FILTER. Under SSID, you should choose the network that your router is associated, if you have only one network, there would be the only choice.

Then you should configure the wireless MAC filter under “Configure wireless MASS Filter Rules below:” and choose “Turn Wireless MAC Filter ON and ALLOW these computers access wireless”. This option will stop any devices not registered on your MAC filter list from connecting to your router.

The last part is to put in the 6 pairs of 2 characters MAC addresses of your chosen 10 devices in the next line under “MAC Address”. Note that the separator between each pair of characters for DIR-615 is a colon, “:”. Different routers use different separators!

When you have completed your list of 10 devices, you should click “Reboot” on the bottom of the left sidebar, then the router is now on MAC filtering mode.

What if my family has more than 10 mobile devices?

As TM’s DIR-615 restricts the number of MAC addresses that you can put in the list to just 10 which may not be enough for all the mobile devices that a modern family of four will have (4 smartphones, 2 tablets and 4 laptops and you have reached the limit!). If this is the case, like my family, and out of necessity to extend the range of our Wi-Fi coverage, we have another Wi-Fi router / extender which gives us another 14 slots! These extenders are relatively cheap nowadays.

No guarantee!

There is no guarantee that the thief or thieves who has/have been stealing my bandwidth will hack into my Wi-Fi routers again, but by doing the three steps, namely, changing the Admin password, changing the Wi-Fi password and dong MAC filtering to allow only “own” devices access to the Wi-Fi may keep the opportunistic thieves at bay. Of course the bets are off when there are more sophisticated thieves with better hacking software out there. However, if you do nothing, then the leakage of your bandwidth can surely affect the quality of your own broadband access which is not really cheap in Malaysia.

Leave a Reply

Your email address will not be published. Required fields are marked *