Is Public Wi-Fi Safe?

8 replies
"We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled."
https://medium.com/matter/heres-why-...d-dd5b8dcb55e6

Ever since I started working from home full time, I've enjoyed the ability to move my office for the day or an afternoon to a coffee shop or the library. After reading this article, I'll definitely be more careful when I do, routing all my traffic through my VPN. And if you use public wi-fi, I highly recommend reading this article.
  • Profile picture of the author Richard Tunnah
    It's amazing how many people don't realise how unsafe public wifi is without using a vpn. I stopped an old guy in the hotel lobby I was staying at just as he was going to log into his bank online. I explained to him this could be a very bad decision and yes the wifi was secured with a password but this was available to about 300 guests in the hotel. :O
    • Profile picture of the author seasoned
      Originally Posted by Richard Tunnah

      It's amazing how many people don't realise how unsafe public wifi is without using a vpn. I stopped an old guy in the hotel lobby I was staying at just as he was going to log into his bank online. I explained to him this could be a very bad decision and yes the wifi was secured with a password but this was available to about 300 guests in the hotel. :O
      The password means little, especially with many public wifis. But with https, you can give 1000 people at a hotel the password, and only ONE person has the password you are using. WHY? Because the password is a MULTI part password! The 2 public keys, that everyone may know, the password, all the hotel guests know, and the two private keys NOBODY knows. They are used to create a sequence that is only good for YOUR connection.

      Is it 100% safe? NOPE! but it isn't as easy to decode as you imply, and the hotel password is not involved AT ALL! And a WIRED connection may be sniffed, just like a wifi one might. THAT is why https exists in the first place. It predates wifi by several years. Speaking of which, wifi ALSO has a layer of encryption that could be applied making it a bit tougher.

      Steve
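
The per-connection key agreement described in the post above, as an added example that is not part of the original thread: each guest's session key comes from fresh private values and the exchanged public values, and the shared Wi-Fi passphrase is never an input. The group parameters, the passphrase and all function names are assumptions chosen for illustration; real TLS uses standardized groups or elliptic curves.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, for illustration only (assumption: real TLS
# uses standardized groups or elliptic curves, not this one).
P = 2**255 - 19  # a well-known prime
G = 2

WIFI_PASSPHRASE = "hotel-guest-wifi"  # constructed; every guest knows it, nothing below uses it


def keypair():
    """Fresh private exponent (never transmitted) and its public value."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv, peer_pub, wire):
    """Mix the DH shared secret with the handshake transcript into a key."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big") + wire).digest()


def handshake():
    """One client/server exchange.

    Returns (client_key, server_key, wire), where wire is everything a
    sniffer on the same network can record: the two public values.
    """
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    wire = c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")
    return session_key(c_priv, s_pub, wire), session_key(s_priv, c_pub, wire), wire


def guests(n):
    """n guests on the same Wi-Fi each open their own connection."""
    return [handshake() for _ in range(n)]


if __name__ == "__main__":
    for i, (ck, sk, wire) in enumerate(guests(3), 1):
        print(f"guest {i}: ends agree={ck == sk} key={ck.hex()[:16]}...")
```

This exchange only keeps passive listeners out; it does not prove who is on the other end, which is the job of the server certificate in TLS.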
    • Profile picture of the author Joe Mobley
      I would also recommend that you use your VPN at home. I fully expect that my Internet service provider logs everything it can about my usage.

      Joe Mobley
      • Profile picture of the author kilgore
        Originally Posted by seasoned

        Is it 100% safe? NOPE! but it isn't as easy to decode as you imply, and the hotel password is not involved AT ALL! And a WIRED connection may be sniffed, just like a wifi one might. THAT is why https exists in the first place. It predates wifi by several years. Speaking of which, wifi ALSO has a layer of encryption that could be applied making it a bit tougher.
        This is very true. This issue isn't necessarily about WiFi vs wired, but rather about using networks on which you have no control over the other people allowed to access them. In general, you're not plugging your computer into wired networks with lots of users who haven't been in some way vetted and authorized (except by the fact that they bought a cup of coffee). And absolutely WiFi can be set up to mitigate this issue. The problem is that in so many places (probably the majority of places with public WiFi) it's not set up that way.

        You're certainly right about HTTPS being a very safe protocol; however, if you read the article, I thought it was interesting the way the hacker was able to quickly and relatively easily reroute traffic from legitimate sites to spoofed sites that he could use to compromise your credentials. HTTPS would have been fine -- if he hadn't hijacked where you were logging into in the first place.

        Originally Posted by Joe Mobley

        I would also recommend that you use your VPN at home. I fully expect that my Internet service provider logs everything it can about my usage.
        I'd be very surprised if ISPs didn't log a ton of information about their users. That said, your VPN provider and/or its ISP could do the exact same thing, right? And your mobile phone provider too. At some point you have to trust that people with the data aren't going to do bad things with it. Admittedly, it's not very satisfying, but the only guaranteed way to make sure nobody is logging your internet activity or data is to not use the internet at all.
  • Profile picture of the author Paul Myers
    I was at a friend's in a rural part of the county recently, who'd said she didn't need to worry about her wifi because the houses were so far apart. I brought along a booster antenna I'd bought for $20 or so on Amazon. Showed her 4 wifi networks it put in range. There'd probably have been more if not for all the trees. (No, I didn't try to access those networks.)

    Park outside a decent-sized apartment building or complex and you can get dozens, just from that. A surprising number of which are only WEP level encryption.

    The point is, even private wifi isn't as secure as many people think.


    Paul
  • Profile picture of the author seasoned
    Almost NO traffic goes directly to the system without being interceptable.

    In fact, NOBODY here, unless he like OWNS the system this forum is on, is using this DIRECTLY, for this forum!

    HTTP allows open interception of ANY transmission with NO notice of any kind!

    HTTPS allows open interception of ANY transmission with NO notice of any kind, IF the DNS is intercepted properly. This is unfortunate, since SSL DOES allow INSTANT notification and FAILURE if DNS is EVER changed after the first access. It can do this by changing the remote public key. Though the remote public key COULD be intercepted and passed, and impersonate the system, it would FAIL since they ALSO must copy the remote private key, and negotiated private key to keep the transmission going.

    Still, though I haven't really researched it, they HAVE broken SSL. But it IS the only standard and reliable way to have such transmissions, and using it over WIFI is about as safe as using it over wire. It does this by having a handshake negotiation when it starts, and encrypting BOTH sides of the transmission such that any intercepted data is encrypted.

    And you COULD still have keyloggers, which are often installed in viruses, but those are usable in either case.

    BTW SOME networks now go as far as 3000 feet, and extenders are getting more popular. STILL, many sniffers will use the street, which brings you in range of most routers.

    Steve
  • Profile picture of the author rlymike
    VPNs are good, but for anything https, the private key will protect your information from most snoopers.
  • Profile picture of the author obaynes
    If I'm understanding the article correctly, the hacker sets up a honeypot that has a similar name to the free wifi of the coffee shop or whatever he's at and gets people to unwittingly log into it; he isn't actually pulling information off the legitimate coffee shop network. Though that's still possible, like everyone has been saying, as long as you're using https it's extremely unlikely they can actually come up with your passwords and searches.
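
A defender-side check for the lookalike-network trick described in the post above, as an added example that is not part of the original thread: it compares Wi-Fi scan results against a profile of the network the venue really operates and flags entries with a similar name, an unknown access point or weaker security. The profile, the scan entries, the threshold and all names are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed profile of the network the venue really runs (assumption).
KNOWN = {"ssid": "CafeCentral-Guest", "security": "WPA2",
         "bssids": {"a4:2b:b0:11:22:33", "a4:2b:b0:11:22:34"}}

# Constructed scan results: (SSID, BSSID, advertised security).
SCAN = [
    ("CafeCentral-Guest", "a4:2b:b0:11:22:33", "WPA2"),
    ("CafeCentral-Guest", "02:00:5e:aa:bb:cc", "OPEN"),
    ("CafeCentral_Guest Free", "02:00:5e:aa:bb:cd", "OPEN"),
    ("HomeNet-5G", "f0:9f:c2:00:00:01", "WPA2"),
]

STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def normalize(ssid):
    """Lower-case and drop punctuation so 'Cafe_Central' matches 'cafe-central'."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def classify(entry, known=KNOWN, threshold=0.8):
    """Return (verdict, reasons) for one scan entry."""
    ssid, bssid, security = entry
    score = SequenceMatcher(None, normalize(ssid), normalize(known["ssid"])).ratio()
    if score < threshold:
        return "unrelated", []
    reasons = []
    if ssid != known["ssid"]:
        reasons.append("lookalike name")
    if bssid.lower() not in known["bssids"]:
        reasons.append("unknown access point")
    if STRENGTH.get(security, 0) < STRENGTH[known["security"]]:
        reasons.append("weaker security than expected")
    return ("suspicious" if reasons else "expected"), reasons


def review(scan=SCAN):
    """Classify every scan entry, keyed by 'SSID [BSSID]'."""
    return {f"{s} [{b}]": classify((s, b, sec)) for s, b, sec in scan}


if __name__ == "__main__":
    for name, (verdict, reasons) in review().items():
        print(f"{verdict:10} {name} {', '.join(reasons)}")
```

A matching BSSID is a hint rather than proof, since an access point can advertise any address; the certificate check in HTTPS or a VPN remains the actual protection.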