Can using a public WiFi network be dangerous, even in HTTPS?

by homesense
0 comment

“Don’t contact your bank or share confidential information when you are on a public network. This is the advice I will give you at the beginning of this article.

There are some big problems with the use of public WiFi networks. The network, open by default, is vulnerable to snooping attempts, the network could be filled with infected machines – or worse, the router itself could be compromised.

Snooping

Snooping attacks involve an intruder listening to traffic between two machines on your network. If traffic includes passing unencrypted passwords, an unauthorized individual can potentially access your network and read confidential data.

Data encryption usually keeps your data safe from prying eyes. For example, even if your neighbor can receive the WiFi signal from his home, he will not be able to spy on you because the signal is encrypted between the computer and the router with your WiFi password.

When you are connected to a public WiFi network such as an airport Wifi, the network is usually not encrypted. You can find out because you don’t need to enter a password to connect to WiFi. Your exchange with the router is sent clearly and it is possible to restore this data with special software. It is then possible to recover passwords for credentials and any information that you send through the Internet.

If you are connected to a site in “HTTPS” (see address bar at the top of your browser) such as this blog or online banking sites, communications are still encrypted and your personal information is unreadable on the network local. Unfortunately, it remains possible for an intruder to know which site you are on: although the site data is encrypted, the request to access the site still comes in clear. It is then possible for the hacker to pass behind you when you enter your password to recover it.

To protect yourself

If you want to use public WiFi to access sensitive information that you don’t want to lose, I suggest you always use the HTTPS website. If you are in a public place, be careful when entering your password (I know people who activate a webcam on their computer when typing their password to make sure no one looks back). If you often use this type of connection, I highly recommend that you use VPN. This is an encryption service (charged) that acts as a “tunnel” between your computer and the Internet. Data is encrypted (often with military encryption) and it becomes impossible to learn anything about your internet activity.

Compromised devices

The second type of threat posed by public networks is the devices connected to it. It is indeed impossible to know before connecting if a compromised device is connected to it. To avoid any problem with this type of network, just be careful to select the “public network” option offered by Windows during your first connection and not “private network”. The “private network” option blocks the network, preventing Windows from sharing any information or files with other devices connected to the network.

To protect yourself

Select the “Public network” option when you connect to the network for the first time. Also regularly make your security updates on your antivirus and on Windows. This will prevent intrusion by compromised devices on the public network.

Infected router

Even more dangerous: the router you are connecting to might be infected. This may be due to the fact that the cafe router you installed is infected or that you are connected to a “honeypot” network. Example: If you are connected to a WiFi network in a shopping center or second cup, you cannot be sure that the WiFi network that you are connecting to is offered by restaurants.

A hacker can create a mock WiFi network with an infected cellular hotspot that is in some way similar to an official social network. However, if you are connected, the hacker can restore all of your browser information.

So is it safe to consult with your bank account on a public network? It’s hard to say, the question is more complicated than it seems. In theory, this should not be a problem because https encryption ensures that you are connected to your bank and no one can monitor you.

In practice, there are many types of attacks that remain possible against you if you connect to your bank’s site. For example, the SSLStrip allows HTTP connections to be hijacked invisibly by the user.

When the site redirects to HTTPS, the software converts these links to use an HTTP Alias ​​or an HTTPS Alias ​​- in other words, another site that looks exactly like your bank’s site. This can be done without interruption and in a completely invisible way allowing the hacker to recover all the information he needs.

The “WiFi Pineapple” is an easy-to-use device that allows this type of attack to be carried out. When your computer wants to connect to a network it already knows, Pineapple WiFi will immediately detect this request and answer “Yes, it’s me, you can connect!” ” The device then has all kinds of attacks to carry out on the victim.

A clever hacker could set up this kind of compromised network in an environment bringing together many choice targets, such as in cafes or the business lounge of an airport where many business men/businesswomen gather every day and connect to the internet to consult sensitive data. This kind of attack is uncommon in today’s world, but it is possible and still used.

To protect yourself

Avoid as much as possible to consult your bank data from a public WiFi network, even if it is HTTPS.VPNs can protect you from this type of threat. This is a useful investment if you regularly connect to public WiFi networks.

Conclusion

If you regularly use a WiFi network to connect to a personal website (bank, Facebook, email, etc.), I recommend using a VPN to connect. VPN Plus offers other benefits, e.g. For example, unlocking certain websites

Related Posts

Leave a Reply

Want tech news and tips

 Newsletter about Apple, Android, Microsoft, Games, and tips and hacks will be sent to your mail every day.