Wi-Fi standards, wireless security, why your signal sucks in the back bedroom, and what "public Wi-Fi" really exposes.
Wi-Fi = IEEE 802.11 family. Current standards are Wi-Fi 5 (ac), Wi-Fi 6 (ax) and Wi-Fi 7 (be). Wireless security matters because signals travel through walls: anyone in range can capture your traffic unless it's encrypted. WPA3 is current best practice; WPA2 still widespread but has known weaknesses (KRACK); open Wi-Fi has NO encryption and should be treated as hostile. Use Enterprise (802.1X) for businesses/schools, PSK for homes.
7.1 How Wi-Fi Physically Works
Wi-Fi is just radio. Your phone has a tiny radio transmitter-receiver; so does the access point (AP) on the ceiling. They talk to each other using radio waves in specific frequency bands (typically 2.4 GHz, 5 GHz, and on newer hardware 6 GHz).
This has three consequences that matter for security:
1. Signals travel through walls (weakly, but they do). An attacker in the car park can see your Wi-Fi.
2. Anyone with a radio can listen: Wi-Fi is broadcast; your traffic isn't sent privately to one device.
3. Encryption is the only defence: if the radio signal is scrambled, an attacker intercepting it just gets gibberish.
The second point is the big one. On a wired network, an attacker needs physical access to a cable or switch. On Wi-Fi, they just need to be near the building. This is why wireless security gets its own chapter.
7.2 Why Your Wi-Fi Sucks in Some Rooms
A few physics realities that everyone learns eventually:
| Problem | Why it happens |
|---|---|
| Signal weakens through walls | Radio waves are absorbed by materials. Concrete and metal are the worst; brick is bad; wood is tolerable; plasterboard is barely noticeable. |
| 2.4 GHz vs 5 GHz trade-off | 2.4 GHz travels further and penetrates walls better; 5 GHz is faster but shorter range. Your phone automatically picks the best one per moment. |
| Interference from other devices | Microwaves, Bluetooth, baby monitors, neighbour's Wi-Fi: all on overlapping 2.4 GHz frequencies |
| Too many devices on one AP | APs have finite capacity; 30 phones on one AP all compete for airtime |
| Signal reflection (multipath) | Signals bounce off metal surfaces, which can cause "dead spots" where reflected waves cancel the direct signal |
REAL-WORLD FIX: If your home Wi-Fi is terrible in one room, it's usually because of walls between you and the router, not "bad Wi-Fi." Solution: a mesh system (multiple APs that work together), or a wired access point near the dead spot. Not a "signal booster" from Amazon, which rarely helps.
7.3 Wi-Fi Standards: the 802.11 Family
Every Wi-Fi standard is a version of IEEE 802.11. Over the years, speed, range, and efficiency have improved; newer versions also get easier marketing names (Wi-Fi 4, 5, 6, 7) rather than the older cryptic letters (n, ac, ax, be).
| Standard | Marketing name | Year | Max theoretical speed | Frequency |
|---|---|---|---|---|
| 802.11n | Wi-Fi 4 | 2009 | 600 Mbps | 2.4 + 5 GHz |
| 802.11ac | Wi-Fi 5 | 2013 | ~3.5 Gbps | 5 GHz |
| 802.11ax | Wi-Fi 6 / 6E | 2019 / 2020 | ~9.6 Gbps | 2.4 + 5 (+ 6 for 6E) GHz |
| 802.11be | Wi-Fi 7 | 2024 | ~46 Gbps | 2.4 + 5 + 6 GHz |
TRAP: "Max theoretical speed" is under laboratory conditions. Real-world performance is a fraction of it (typically 20-40%) because of interference, distance, device capabilities, and shared airtime. Don't state theoretical speeds as if they're what users actually get.
7.4 Wireless Security: The Core Topic
This is the heart of the chapter and the most examinable section. Every Wi-Fi network uses a security mode that determines how (or whether) traffic is encrypted and how devices authenticate.
The progression of Wi-Fi security
| Standard | Year | Status | Why |
|---|---|---|---|
| Open (no security) | n/a | Hostile: avoid | No encryption. Any nearby attacker sees all traffic in plaintext. |
| WEP | 1999 | Broken since 2001 | Encryption algorithm (RC4 + weak IVs) is cryptographically broken. Can be cracked in minutes. |
| WPA | 2003 | Obsolete | Interim fix for WEP. Also broken. Don't use. |
| WPA2 | 2004 | Widespread but weakening | AES-based, much stronger than WPA. But has the KRACK vulnerability (2017) and is vulnerable to offline dictionary attacks against weak passwords. |
| WPA3 | 2018 | Current standard | SAE (Simultaneous Authentication of Equals) replaces the weak handshake. Resistant to offline attacks. Mandatory on Wi-Fi 6 certification. |
WPA2 vs WPA3: the comparison exam-graders love
| Feature | WPA2 | WPA3 |
|---|---|---|
| Encryption | AES (still strong) | AES + stronger modes |
| Handshake | 4-way handshake (vulnerable to KRACK and offline attacks) | SAE (Dragonfly), resistant to both |
| Weak password resistance | No: attackers can capture the handshake and crack offline | Yes: each password guess requires interacting with the AP, which is infeasible at scale |
| Forward secrecy | No: if the password is later cracked, past traffic can be decrypted | Yes: past sessions stay secure even if password is compromised later |
| Protection for open networks | None | OWE (Opportunistic Wireless Encryption) encrypts even on open networks |
| Device compatibility | Universal | Wi-Fi 6+ devices and newer |
EXAM ANSWER TEMPLATE: "WPA3 is more secure than WPA2 because: (1) its SAE handshake prevents offline dictionary attacks, (2) it provides forward secrecy, so past traffic stays safe even if the password is later compromised, and (3) it offers encryption on open networks via OWE." Three distinct points = 3 marks locked in.
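Why WPA2-Personal depends so heavily on passphrase strength, as an added example (not part of the original page): the WPA2-PSK master key is derived only from the passphrase and the SSID, with no per-session secret, so a defender can estimate how long a passphrase shape survives offline guessing. The guess rate and the two passphrase shapes are illustrative assumptions.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def years_to_exhaust(alphabet_size: int, length: int, guesses_per_sec: float) -> float:
    """Worst-case years to try every passphrase of one shape at a given offline rate."""
    return alphabet_size ** length / guesses_per_sec / (365 * 24 * 3600)

ASSUMED_RATE = 1_000_000  # guesses per second; an assumption for illustration only

# Constructed passphrase shapes: (label, alphabet size, length)
SHAPES = [
    ("8 lowercase letters", 26, 8),
    ("16 printable ASCII characters", 95, 16),
]

def report():
    """Return {label: years} for each constructed passphrase shape."""
    return {label: years_to_exhaust(a, n, ASSUMED_RATE) for label, a, n in SHAPES}

if __name__ == "__main__":
    # Nothing in the derivation is per-session: same inputs, same key, every time.
    print(wpa2_pmk("password", "IEEE").hex())
    # The SSID is the salt, so the same passphrase on another SSID gives another key.
    print(wpa2_pmk("password", "Cafe_Guest").hex())
    for label, years in report().items():
        print(f"{label}: {years:.3g} years to exhaust")
```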
PSK vs Enterprise: two very different authentication models
WPA2 and WPA3 both come in two flavours:
|  | PSK (Pre-Shared Key) / Personal | Enterprise (802.1X) |
|---|---|---|
| Password model | One password shared among everyone | Each user has their own username + password (or certificate) |
| Used for | Home networks, small offices, cafes | Schools, corporate networks, government |
| Setup complexity | Simple: enter the SSID password | Complex: requires a RADIUS server |
| What happens when an employee leaves? | Everyone has to change passwords | Just revoke their account |
| Accountability / logging | Can't tell who did what | Every connection is tied to a user account |
| Security | Depends entirely on password strength | Much stronger; can use per-user certificates |
WHY YOUR SCHOOL USES ENTERPRISE: Your school Wi-Fi almost certainly uses WPA2/3 Enterprise. When you connect, you log in with your own student account, not a shared password. This gives the IT department three things: (1) accountability (they know which student was on which device at which time), (2) easy revocation (when you graduate, your access is disabled without disrupting anyone else), and (3) per-user policies (staff and students can get different permissions on the same Wi-Fi).
7.5 Open Wi-Fi: Why It's Dangerous
"Open" Wi-Fi means the network has no password and no encryption. You see it labelled "Free Airport WiFi," "Cafe_Guest," or similar, and it's a real risk even though it feels normal.
On open Wi-Fi, every packet your device sends is broadcast unencrypted through the air. Anyone nearby with a laptop and free software (like Wireshark) can capture it. What they see depends on what else is protecting your traffic:
Traffic over HTTPS stays encrypted end-to-end (the TLS tunnel protects you even though the Wi-Fi underneath is open). The attacker sees that you're connecting to, say, instagram.com, but not the contents.
Traffic over HTTP (unencrypted) is fully visible: passwords, messages, everything.
Traffic from older apps that don't use TLS properly is visible too.
TRAP: "HTTPS makes public Wi-Fi safe" is half-true. HTTPS protects your web browsing contents, which is most of what students actually do. But not all apps encrypt properly, and you still leak metadata (which sites you visit, when, for how long). Public Wi-Fi is safer than it used to be because HTTPS won, but "safe" is overstating it.
The evil twin attack
The worst version of the open-Wi-Fi threat: an attacker sets up their own AP with a plausible name ("Free_Airport_WiFi", "Hotel_Guest") in a busy area. Users connect without checking. Now the attacker is the default gateway, a perfect man-in-the-middle position (covered in Chapter 10).
The attacker's AP has the same SSID as the real one. Phones auto-join whichever has the stronger signal, often the closer, rogue one.
HOW TO PROTECT YOURSELF on public Wi-Fi:
1. Use a VPN: it encrypts all your traffic regardless of whether the destination supports HTTPS.
2. Don't auto-connect to previously-used SSIDs. Disable "auto-join" for open networks.
3. Heed browser security warnings: if HTTPS warnings appear on sites that worked before, an MITM might be active.
4. Use cellular data for anything sensitive (banking, password reset) when abroad or in airports.
7.6 Other Wireless You'll Encounter
Bluetooth
Short-range wireless (typically <10m) for device-to-device connections: headphones, smartwatches, file transfers, keyboards. Uses 2.4 GHz, same as Wi-Fi, but with short hops and tight pairing.
Security considerations:
Modern Bluetooth pairings are encrypted, but older "Just Works" pairings are vulnerable to eavesdropping during setup.
BlueBorne (2017): a family of vulnerabilities that allowed attackers near a victim's phone to take over Bluetooth without pairing. Patched by now but shows the risk surface.
AirDrop abuse: Apple's AirDrop uses Bluetooth + Wi-Fi Direct. Leaving it set to "Everyone" in crowds can expose your device to unwanted pairing requests.
Turn Bluetooth off when not in use: this reduces attack surface and saves battery.
Cellular (3G/4G/5G)
Long-range wireless run by telcos (Telstra, Optus, Vodafone in Australia). Encrypted end-to-end between your phone and the tower by design. Generally more secure than public Wi-Fi because the telco is responsible for the infrastructure.
| Generation | Typical speed | Security |
|---|---|---|
| 3G | ~1-2 Mbps | Vulnerable; being phased out |
| 4G / LTE | 10-100 Mbps | Strong encryption; mutual authentication |
| 5G | 100 Mbps to 1+ Gbps | Enhanced encryption, better subscriber privacy |
RFID / NFC
Very short range (cm to meters). RFID is used in public transport cards, swipe badges, library books. NFC is a type of RFID used in phones for tap-to-pay (Apple Pay, Google Pay). Because the range is tiny, attacks require physical proximity, but skimmers (readers hidden in wallets or bags) can sometimes steal low-security RFID info.
7.7 The Wireless Section of a Security Design
When designing a network (Chapter 16), the wireless plan deserves its own attention. A competent answer includes:
Separate SSIDs for different user groups, e.g., Staff, Student, Guest at a school. Different VLANs behind them.
WPA3 Enterprise for staff/students: per-user authentication and accountability.
WPA2/3 Personal with a strong shared password for guest (or a captive portal for guest terms-of-use acceptance).
Guest network is VLAN-isolated: no path from guest Wi-Fi to internal systems.
Rogue AP detection: monitoring to catch unauthorised APs plugged into the network.
Regular firmware updates on APs and controllers to patch known vulnerabilities (KRACK, FragAttacks, etc.).
EXAM PATTERN ("How would you secure wireless for a business?"):
"WPA3 Enterprise with individual user accounts linked to RADIUS, so access is per-user and revocable. Separate SSIDs for staff vs guest traffic, each mapped to an isolated VLAN. Guest network cannot reach internal systems. APs centrally managed with automatic firmware updates. Rogue-AP detection enabled. This mitigates credential sharing, unauthorised access, lateral movement from guest networks, and known vulnerabilities in outdated firmware."
Hits: authentication model, segmentation, patching, detection. That's a 4+ mark answer.
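What the rogue-AP detection item above (and the evil twin threat from 7.5) can look like in practice, as an added example that is not part of the original page: compare the beacons a monitoring sensor sees against an inventory of the APs you own. The SSIDs, BSSIDs, scan entries and the similarity threshold are all constructed for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # MAC address of the AP radio
    security: str  # security mode advertised in the beacon

# Constructed inventory: SSID -> (expected security mode, BSSIDs of the APs you own)
AUTHORISED = {
    "School_Staff": ("WPA3-Enterprise", {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}),
    "School_Guest": ("WPA2-PSK", {"02:00:00:aa:00:11"}),
}
LOOKALIKE_THRESHOLD = 0.8  # assumed similarity cut-off; tune for your SSID names

def lookalike_of(ssid):
    """Return the authorised SSID this name closely resembles, or None."""
    for known in AUTHORISED:
        if SequenceMatcher(None, ssid.lower(), known.lower()).ratio() >= LOOKALIKE_THRESHOLD:
            return known
    return None

def review_scan(scan):
    """Return (ssid, bssid, reason) for every beacon that deserves investigation."""
    findings = []
    for b in scan:
        if b.ssid in AUTHORISED:
            expected, owned = AUTHORISED[b.ssid]
            if b.bssid not in owned:
                findings.append((b.ssid, b.bssid, "unknown-bssid"))
            if b.security != expected:
                findings.append((b.ssid, b.bssid, "security-mismatch"))
        elif lookalike_of(b.ssid):
            findings.append((b.ssid, b.bssid, "lookalike-ssid"))
    return findings

# Constructed scan results, as a monitoring sensor might report them
SCAN = [
    Beacon("School_Staff", "02:00:00:aa:00:01", "WPA3-Enterprise"),  # legitimate
    Beacon("School_Staff", "02:00:00:ee:00:99", "WPA3-Enterprise"),  # our name, not our radio
    Beacon("School_Guest", "02:00:00:ee:00:98", "open"),             # downgraded to open
    Beacon("School_Guest_5G", "02:00:00:ee:00:97", "WPA2-PSK"),      # near-identical name
    Beacon("Neighbour_Home", "02:00:00:bb:00:01", "WPA2-PSK"),       # unrelated network
]

if __name__ == "__main__":
    for finding in review_scan(SCAN):
        print(finding)
```

A BSSID can be copied as easily as an SSID, so a clean result is one signal rather than proof that every beacon is genuine.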
7.8 Quiz Time
You're at a cafe and see two Wi-Fi networks: "Cafe_Guest" and "Cafe_Guest_5G" both with locks showing WPA2. Is this a problem?
Possibly. The cafe might legitimately run two SSIDs on different frequency bands, in which case this is normal. But two networks with nearly identical names is also a classic evil twin setup. The safest move: ask the cafe which one is theirs before connecting, or use cellular data. If you must connect, verify by checking the actual physical AP's label, or use a VPN to protect your traffic regardless of which one is genuine.
A school currently uses WPA2-PSK with one Wi-Fi password shared with all students. They're considering WPA3-Enterprise. What are three security benefits?
(1) Individual accountability: each student authenticates with their own account, so network logs identify which specific user did what. Under PSK, everyone looks identical.
(2) Easy revocation: when a student graduates, their individual account is disabled. Under PSK, one shared password either stays valid for everyone or has to be changed for everyone.
(3) Resistance to offline attacks: WPA3's SAE handshake prevents attackers from capturing handshakes and cracking the password offline. WPA2-PSK handshakes can be cracked if the password is weak.
Bonus: forward secrecy. If a credential is compromised later, past traffic isn't retroactively decryptable.
Explain why you'd still want a VPN on "WPA3 Enterprise" secured Wi-Fi at your workplace.
WPA3 Enterprise only secures the first hop, from your device to the access point. Once your traffic is inside the workplace network, it flows to your ISP and then across the internet, where it's only protected if the application uses HTTPS/TLS. A VPN encrypts ALL your traffic between your device and the VPN server, regardless of what the endpoint supports. It's also useful when working remotely: you can tunnel back into the workplace network securely. Multiple layers = defence in depth.
Why is an open Wi-Fi network a concern even if most modern websites use HTTPS?
HTTPS protects the contents of your web traffic, but an attacker on the same open Wi-Fi can still see: (1) metadata: which domains you visit, at what times, for how long; (2) any traffic from legacy apps that don't use TLS properly; (3) DNS queries (unless you're using DoH/DoT); (4) they can also perform an evil twin and attempt MITM, which may succeed against users who ignore certificate warnings. Open Wi-Fi isn't catastrophic with HTTPS-everywhere, but "open" implies zero encryption at the Wi-Fi layer itself, which is a meaningful weakness.