The convenience of wireless networks brings the risk of unauthorized access, known as piggybacking. Piggybacking occurs when someone connects to a wireless network without the authorization of its administrators.
Piggybacking in cybersecurity refers to using a wireless network without permission. When a Wi-Fi network is not protected with a password, anyone within its wireless range can connect. Unauthorized individuals often exploit this vulnerability, connecting to networks without the knowledge or permission of the network owner.
Piggybacking most commonly occurs in public places, such as coffee shops or businesses, where Wi-Fi networks can be accessed outside the premises. In these cases, individuals close to the network can easily connect and compromise its security.
To engage in piggybacking, the perpetrator must physically be close enough to the network router to connect their device. Once in range, the network name will appear on their device's list of available networks. There are two primary ways in which unauthorized access can be gained.
The piggybacker can connect immediately if the network has not been protected with a password. This is the most common form of piggybacking, as many Wi-Fi networks are left unsecured by their owners.
If a password is required, the perpetrator can guess the password or find it out through various means before accessing the network. Weak or easily guessable passwords are particularly vulnerable to this type of attack.
Piggybacking poses several risks to both individuals and organizations. Understanding these risks is necessary for taking appropriate preventive measures. The following are some of the key risks associated with piggybacking:
When someone piggybacks on a network, they can access sensitive information transmitted over it. This includes personal data, login credentials, and confidential business information.
Piggybacking provides an opportunity for perpetrators to inject malware into the network. Once inside the network, they can spread malware to connected devices, compromising their security and potentially causing significant damage.
Additional unauthorized users on a network can lead to a decrease in network performance. As more devices connect to the network, available bandwidth is divided, resulting in slower internet speeds for legitimate users.
Unauthorized access to networks is illegal in many jurisdictions. Engaging in piggybacking can lead to legal consequences, including fines and even imprisonment, depending on the severity of the offense.
It is important to implement effective prevention techniques to protect against piggybacking attacks and mitigate the associated risks. The following best practices can help safeguard your network:
The first step is to secure your Wi-Fi network with a strong password. Use a combination of uppercase and lowercase letters, numbers, and special characters to create a complex password. Avoid using easily guessable passwords such as birth dates or common words.
Attackers often exploit routers that still use their default settings, whose usernames and passwords are widely known. Change your router's default login credentials to unique and secure ones to prevent unauthorized access to its settings.
Utilize encryption protocols to encrypt the data transmitted over your network. Encryption ensures that even if someone manages to connect to your network, they won't be able to decipher the data being transmitted.
Disable remote management features on your router to prevent unauthorized access to its settings from outside the network.
Keep your router's firmware updated to ensure it has the latest security patches and bug fixes. Routinely check for firmware updates from the manufacturer's website or enable automatic updates if available.
Regularly check the list of connected devices on your network to identify unauthorized users. If you notice any unfamiliar devices, remove and block them immediately.
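One way to carry out the connected-device check described above, as an added example that is not part of the original article: it compares a router's DHCP lease table against an approved-device inventory. The lease lines follow the dnsmasq lease-file layout and are constructed sample data; `KNOWN_DEVICES` and the function names are hypothetical.

```python
import re

# Constructed sample in dnsmasq lease-file layout (separators and case vary on purpose):
# <expiry-epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1718000000 3C:22:FB:10:20:30 192.168.1.10 office-laptop 01:3c:22:fb:10:20:30
1718000300 a4-83-e7-aa-bb-cc 192.168.1.11 printer *
1718000600 de:ad:be:ef:00:01 192.168.1.57 * *
1718000900 00:1b:63:99:88:77 192.168.1.80 unknown-tablet *
"""

# Hypothetical inventory of approved devices (assumption, not from the article).
KNOWN_DEVICES = {"3c:22:fb:10:20:30": "office laptop",
                 "A4:83:E7:AA:BB:CC": "printer"}

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}$", re.IGNORECASE)

def normalize_mac(mac):
    """Return lowercase colon-separated MAC, or None if malformed."""
    if not MAC_RE.match(mac):
        return None
    digits = re.sub(r"[:-]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """True when the locally-administered bit is set (private/random MAC)."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unknown_devices(lease_text, known):
    """List leases whose MAC is not in the approved inventory."""
    allowed = {normalize_mac(m) for m in known}
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a lease record
        mac = normalize_mac(fields[1])
        if mac is None or mac in allowed:
            continue  # malformed entry or approved device
        findings.append({"mac": mac, "ip": fields[2], "hostname": fields[3],
                         "randomized": is_randomized(mac)})
    return findings

if __name__ == "__main__":
    for dev in find_unknown_devices(SAMPLE_LEASES, KNOWN_DEVICES):
        print(dev)
```

A device that uses a private (randomized) address shows up as unknown until it is enrolled, so the `randomized` flag helps separate a family member's phone from a genuinely unfamiliar device. Treat the inventory match as a review aid rather than proof of identity.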
Educate yourself and others about the risks of piggybacking and the importance of network security. Teach family members, employees, or colleagues about best practices for securing their devices and networks.
While piggybacking is commonly associated with unauthorized Wi-Fi access, it can also refer to physically accessing a restricted area through social engineering.
In a piggybacking attack, the perpetrator convinces someone to give them access to a physical location by pretending to have a legitimate reason, such as impersonating an employee. Conversely, tailgating involves following closely behind an authorized person to gain entry to a restricted area.
Researchers discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard. The flaw lets an attacker trick victims into connecting to a less secure wireless network and then eavesdrop on their network traffic. This vulnerability, known as the SSID Confusion attack (tracked as CVE-2023-52424), impacts all operating systems and Wi-Fi clients.
The attack downgrades victims to a less secure network by spoofing a trusted network name, so that the attacker can intercept their traffic or carry out further attacks. It indicates the need for security measures to prevent unauthorized access and protect sensitive data from piggybacking attackers.
Piggybacking in healthcare cybersecurity refers to unauthorized individuals gaining access to a wireless network without permission when the network is unprotected by a password. This vulnerability allows anyone within the wireless range to connect to the network, potentially compromising the security of patient information and violating HIPAA regulations.
Piggybacking is concerning because it can lead to unauthorized access to healthcare networks where patient information, medical records, and sensitive data protected under HIPAA are transmitted. This unauthorized access poses significant risks to patient privacy and the security of electronic protected health information (ePHI).
Piggybacking incidents can result in unauthorized exposure of ePHI, breaches of patient confidentiality, and violations of HIPAA’s security and privacy requirements. Healthcare organizations found to be non-compliant may face legal consequences, financial penalties, and reputational damage.