What is piggybacking?
Piggybacking is a cybersecurity term for using a wireless network without the authorization of its administrators.
If a Wi-Fi network has not been protected with a password, anyone who is physically within wireless range of the router can connect to it. Doing so without permission is called piggybacking.
A common example of piggybacking involves people connecting to the Wi-Fi of a business — a coffee shop, for example — without the knowledge or permission of the owners. This often happens if the Wi-Fi can be accessed from outside of the premises (in a nearby apartment, for example, or a neighboring business).
How does piggybacking work?
Before engaging in piggybacking, the perpetrator needs to be physically close enough to the network router to connect their device.
Once they are nearby, the network name will appear on their device’s list of available networks. At this point, there are two ways in which they can access the wireless connection.
If the network has not been protected with a password, the piggybacker can connect right away. This is the most common form of piggybacking. Alternatively, if a password is needed to connect, the perpetrator can either guess the password or find this information out before accessing the network.
It should be noted, however, that the term is also used in an entirely separate area of computing, which we will cover now.
Piggybacking and bandwidth
The term piggybacking is also used to describe a process in which data is transferred more efficiently across a computer network, using minimal channel bandwidth.
When two devices are communicating across a network, data is sent from one to the other in tiny segments called data frames. A data frame moves along a channel in a process referred to as data transmission.
Imagine that Device A transmits a data frame to Device B. When the outgoing data frame reaches its destination, Device B sends an acknowledgement back to Device A to confirm that the transmission was a success. Then, after acknowledgement, Device B sends its own data frames back to Device A, which then acknowledges them, and so on.
Piggybacking in this context means attaching acknowledgement to whatever data packet Device B is going to send back to Device A. Instead of using a separate transmission, the acknowledgement is bundled in with the next data frame. When combined with full duplex transmission, this process maximizes available channel bandwidth and improves efficiency on computer networks.
This type of piggybacking has nothing to do with unauthorized Wi-Fi access, so it is important to distinguish between these definitions. Piggybacking also has a third meaning, which again is unrelated to authorized Wi-Fi access: piggybacking as a means of entry to a physical location.
Differences between piggybacking and tailgating
Piggybacking can also refer to physically accessing a restricted space through social engineering. This is very similar to, but not the same as, tailgating.
In a piggybacking attack, the attacker convinces someone to give them access to a physical location. The perpetrator might approach a security guard or a receptionist and claim to have a legitimate reason to enter a building (by pretending to be an employee, for example).
Tailgating, by contrast, usually involves someone entering a restricted area close behind an authorized person, who may not be aware of their presence. If a pin-protected door is left open, or closes slowly behind someone, a tailgater can slip through. Once inside, they may be able to steal sensitive information or even install malware on devices.
Despite these subtle differences, the terms tailgating and piggybacking are often used interchangeably. However, piggybacking in this context is separate from wireless piggybacking — connecting to Wi-Fi without permission.
Examples of piggybacking
Wi-Fi piggybacking occurs in several common ways.
- Unprotected businesses. If a business doesn’t protect its Wi-Fi with a password, they are at risk from piggybacking.
- Publicly available passwords. Even if a network is password protected, its password might still be available to unauthorized users. For example, if a coffee shop displays its password information on its premises, a piggybacker could enter the location, take note of this information, and then leave.
- Personal hotspots. If you use your smartphone or other personal device as a hotspot without a strong password (or any password), anyone in your immediate vicinity might be able to use your network.
- Home routers. Most routers are password protected, but people often change their network keys, making them easier to remember and, consequently, easier to crack. If your router is not adequately protected, piggybackers could use your network without your permission.
Piggybacking security: How to prevent piggybacking attacks
Follow these steps to protect your Wi-Fi from unwanted intruders.
Use strong passwords
The most effective step you can take to prevent piggybacking is to protect your network with strong passwords. These should be long, complex strings of random letters, symbols, and numbers, composed of at least ten characters. Maintaining strong passwords is always a good idea, as it lowers the likelihood of data breaches and other threats. It’s important to keep passwords safe, so don’t share your passwords widely or display them publicly.
Change passwords regularly
If you never change your network password, anyone who connects to your Wi-Fi will always be able to reconnect in the future. The simplest solution to this problem is to change your network key regularly. If you’re wondering how to protect your Wi-Fi from neighbors and other outsider users, this is a useful step.
Monitor connected devices
Check your network settings to see what devices are currently connected to the Wi-Fi. If you notice an unknown user on your network, remove and block them immediately.