/ FAQ

WiFi security questions, answered.

Plain-language answers about the attacks that target you on WiFi — and how WifiThreatWatch catches them.

How do I know if someone is on my WiFi or attacking my network?

Most WiFi attacks are silent — you won't see them without monitoring. WifiThreatWatch runs on Windows and watches your local network in real time, surfacing every device on it and flagging the signatures of an attack: a router being impersonated (ARP spoofing), a look-alike access point (evil twin), a device that was never there before (rogue device), or your DNS resolver changing unexpectedly. Real-time detection is free forever.

What is an evil twin WiFi attack?

An evil twin is a fake access point that broadcasts the same network name (SSID) as one you trust, to lure your device onto attacker-controlled hardware. Once connected, the attacker can intercept or tamper with your traffic. WifiThreatWatch uses two-tier, mesh-aware detection (checking BSSID, gateway MAC, and DNS resolver) to tell a real network apart from a clone without false-alarming on legitimate mesh systems.

What is ARP spoofing?

ARP spoofing is when an attacker on your local network impersonates your router so your traffic flows through them first — a man-in-the-middle position that lets them read or alter what you send. WifiThreatWatch detects it by capturing ARP frames off the wire as the attack happens, rather than polling a cache the attacker has already rewritten.

Is public WiFi safe?

Public WiFi is usually fine, but the times it isn't can cost you your passwords, messages, or money. The real risk is local-network attacks — evil twins, ARP spoofing, and man-in-the-middle — that a VPN cannot see. WifiThreatWatch detects those attacks on the network you're standing on, then can break the attacker's targeting and route you through an encrypted tunnel.

Does a VPN protect me from WiFi attacks?

A VPN encrypts your traffic for privacy, but it can't see or stop an attack happening on the local network — it doesn't tell you there's an evil twin or a man-in-the-middle in the room. As we put it: a VPN hides your traffic; WifiThreatWatch stops the attacker. They're different categories, and most people need both.

How can I detect a man-in-the-middle attack on WiFi?

A man-in-the-middle attack puts an adversary between you and the internet, usually via ARP spoofing or an evil twin. The tell-tale signs are at the network layer: your gateway’s MAC address changing, unsolicited ARP replies, or your DNS resolver being swapped. WifiThreatWatch watches for exactly these signals and confirms an attack is genuinely live before it alerts you.

What is a rogue device on my network?

A rogue device is hardware you never authorized that has joined your network — a foothold an attacker can use to scan, intercept, or pivot. WifiThreatWatch runs a concurrent subnet sweep that surfaces every device on your LAN and flags MAC addresses it has never seen before.

What operating systems does WifiThreatWatch support, and what does it cost?

WifiThreatWatch is a Windows app (Windows 10 and 11). Real-time WiFi attack detection, the threat dashboard, and live alerts are free forever. An optional subscription ($6.99/month or $69.99/year) adds Active Defense — which breaks the attacker’s targeting with MAC and IP randomization — plus a self-hosted encrypted VPN tunnel. First-time users also get a free 10-minute emergency trial of the paid response.

Stop guessing.
See what’s on your network.