Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

3 min read

What is piggybacking?

What is piggybacking?

The convenience of wireless networks brings the risk of unauthorized access, known as piggybacking. Piggybacking occurs when someone connects to a wireless network without the authorization of its administrators. 

 

What is piggybacking in cybersecurity?

Piggybacking in cybersecurity refers to using a wireless network without permission. When a Wi-Fi network is not protected with a password, anyone within its wireless range can connect. Unauthorized individuals often exploit this vulnerability, connecting to networks without the knowledge or permission of the network owner.

Piggybacking most commonly occurs in public places, such as coffee shops or businesses, where Wi-Fi networks can be accessed outside the premises. In these cases, individuals close to the network can easily connect and compromise its security.

 

How does piggybacking work?

To engage in piggybacking, the perpetrator must physically be close enough to the network router to connect their device. Once in range, the network name will appear on their device's list of available networks. There are two primary ways in which unauthorized access can be gained.

 

Unprotected networks 

The piggybacker can connect immediately if the network has not been protected with a password. This is the most common form of piggybacking, as many Wi-Fi networks are left unsecured by their owners.

 

Password-guessing or obtaining

If a password is required, the perpetrator can guess the password or find it out through various means before accessing the network. Weak or easily guessable passwords are particularly vulnerable to this type of attack.

Read also: Updated password guidelines by NIST 

 

Risks associated with piggybacking

Piggybacking poses several risks to both individuals and organizations. Understanding these risks is necessary for taking appropriate preventive measures. The following are some of the key risks associated with piggybacking:

 

Unauthorized data access

When someone piggybacks on a network, they can access sensitive information transmitted over it. This includes personal data, login credentials, and confidential business information.

 

Malware injection

Piggybacking provides an opportunity for perpetrators to inject malware into the network. Once inside the network, they can spread malware to connected devices, compromising their security and potentially causing significant damage.

 

Network performance degradation

Additional unauthorized users on a network can lead to a decrease in network performance. As more devices connect to the network, available bandwidth is divided, resulting in slower internet speeds for legitimate users.

 

Legal implications

Unauthorized access to networks is illegal in many jurisdictions. Engaging in piggybacking can lead to legal consequences, including fines and even imprisonment, depending on the severity of the offense.

Read more: What is malware? 

 

Piggybacking prevention techniques

It is important to implement effective prevention techniques to protect against piggybacking attacks and mitigate the associated risks. The following best practices can help safeguard your network:

 

Secure your Wi-Fi network

The first step is to secure your Wi-Fi network with a strong password. Use a combination of uppercase and lowercase letters, numbers, and special characters to create a complex password. Avoid using easily guessable passwords such as birth dates or common words.

 

Change default router settings

Hackers often exploit default router settings with known usernames and passwords. Change your router's default login credentials to unique and secure ones to prevent unauthorized access to its settings.

 

Enable network encryption

Utilize encryption protocols to encrypt the data transmitted over your network. Encryption ensures that even if someone manages to connect to your network, they won't be able to decipher the data being transmitted.

 

Disable remote management

Disable remote management features on your router to prevent unauthorized access to its settings from outside the network.

 

Regularly update router firmware

Keep your router's firmware updated to ensure it has the latest security patches and bug fixes. Routinely check for firmware updates from the manufacturer's website or enable automatic updates if available.

 

Monitor connected devices

Regularly check the list of connected devices on your network to identify unauthorized users. If you notice any unfamiliar devices, remove and block them immediately.

 

Educate users

Educate yourself and others about the risks of piggybacking and the importance of network security. Teach family members, employees, or colleagues about best practices for securing their devices and networks.

Related: How to identify and prevent malware in healthcare 

 

Piggybacking vs. tailgating: Understanding the difference

While piggybacking is commonly associated with unauthorized Wi-Fi access, it can also refer to physically accessing a restricted area through social engineering. 

In a piggybacking attack, the perpetrator convinces someone to give them access to a physical location by pretending to have a legitimate reason, such as impersonating an employee. Conversely, tailgating involves following closely behind an authorized person to gain entry to a restricted area.

Read more: What is a tailgating attack?

See also: HIPAA Compliant Email: The Definitive Guide 

 

In the news

Researchers discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard. This flaw tricks victims into connecting to a less secure wireless network and eavesdropping on their network traffic. This vulnerability, known as the SSID Confusion attack (tracked as CVE-2023-52424), impacts all operating systems and Wi-Fi clients. 

The attack involves downgrading victims to a less secure network by spoofing a trusted network name so they can intercept their traffic or carry out further attacks, indicating the need for security measures to prevent unauthorized access and protect sensitive data from piggybacking attackers.

 

FAQs

What is piggybacking in the context of healthcare cybersecurity?

Piggybacking in healthcare cybersecurity refers to unauthorized individuals gaining access to a wireless network without permission when the network is unprotected by a password. This vulnerability allows anyone within the wireless range to connect to the network, potentially compromising the security of patient information and violating HIPAA regulations.

 

Why is piggybacking a concern for HIPAA compliance in healthcare settings?

Piggybacking is concerning because it can lead to unauthorized access to healthcare networks where patient information, medical records, and sensitive data protected under HIPAA are transmitted. This unauthorized access poses big risks to patient privacy and the security of electronic protected health information (ePHI).

 

What are the potential risks associated with piggybacking incidents under HIPAA?

Piggybacking incidents can result in unauthorized exposure of ePHI, breaches of patient confidentiality, and violations of HIPAA’s security and privacy requirements. Healthcare organizations found in non-compliance may face legal consequences, financial penalties, and reputational damage.

 

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.