While using public Wi-Fi could have its
advantages, it is advisable not to use it for
online banking.
A report by howtogeek.com says, “Don’t do
your online banking or anything sensitive on
a public Wi-Fi network.”
There are a few problems with using a
public Wi-Fi network. The open nature of the
network allows for snooping, the network
could be full of compromised machines, or
the hotspot itself could be malicious.
Encryption normally helps protect your
network traffic from prying eyes. For
example, even if your neighbours at home
are within range of your Wi-Fi network, they
cannot see the web pages you are viewing.
This wireless traffic is encrypted between
your laptop, tablet, or smartphone and your
wireless router. It is encrypted with your
Wi-Fi passphrase.
When you connect to an open Wi-Fi network
like one at a coffee shop or airport, the
network is generally unencrypted — you can
tell because you don’t have to enter a
passphrase when connecting. Your
unencrypted network traffic is then clearly
visible to everyone in range. People can see
what unencrypted web pages you’re visiting,
what you are typing into unencrypted web
forms, and even see which encrypted
websites you are connected to — so if you
are connected to your bank’s website, they
will know it, although they would not know
what you are doing.
More advanced tools like Wireshark could
also be used to capture and analyse traffic.
Compromised Devices
Compromised laptops and other devices
may also be connected to the local network.
When connecting, be sure to select the
‘public network’ Wi-Fi option in Windows
and not the home network or work network
options. The public network option locks
down the connection, ensuring Windows is
not sharing any files or other sensitive data
with the machines on the local network.
It is also important to be up to date on
security patches and use a firewall like the
one built into Windows. Any compromised
laptops on the local network could try to
infect you.
Malicious Hotspots
Most dangerously, the hotspot you connect
to may itself be malicious. This may be
because the business’s hotspot was infected,
but it may also be because you are
connected to a honeypot network. For
example, if you connect to public Wi-Fi in a
public place, you cannot be entirely sure that
the network is actually a legitimate public
Wi-Fi network and not one set up by an
attacker in an attempt to trick people into
connecting.
Is it safe to log into your bank’s website on
public Wi-Fi? The question is more
complicated than it appears. In theory, it
should be safe because the encryption
ensures you’re actually connected to your
bank’s website and no one can eavesdrop.
In practice, there are a variety of attacks that
can be performed against you if you connect
to your bank’s website on public Wi-Fi. For
example, sslstrip can transparently hijack HTTP
connections. When the site redirects to
HTTPS, the software can convert those links
to use a “look-alike HTTP link” or
“homograph-similar HTTPS link” — in other
words, a domain name that looks identical
to the actual domain name, but which
actually uses different special characters.
This can happen transparently, allowing a
malicious Wi-Fi hotspot to perform a man-
in-the-middle attack and intercept secure
banking traffic.
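The look-alike domain trick described above can be checked for on the defender's side. The following is an added example, not part of the original report: it decodes a hostname and compares it against a list of domains you trust. The domain bank.example and the small CONFUSABLES table are constructed for illustration and are not exhaustive.

```python
import unicodedata

# Constructed sample data: "bank.example" stands in for a real bank's domain.
TRUSTED = {"bank.example"}

# Small, non-exhaustive table of look-alike characters (assumption for this sketch).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i",                 # Cyrillic
    "\u03bf": "o", "\u0131": "i",                # Greek omicron, dotless i
}

def to_unicode(host):
    """Lower-case the host and decode punycode (xn--) labels so the
    real characters behind the ASCII form become visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as written
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Map known look-alike characters to the ASCII letter they imitate."""
    text = unicodedata.normalize("NFKC", to_unicode(host))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    if to_unicode(host) in trusted:
        return "trusted"
    skel = skeleton(host)
    if skel in trusted:
        return f"lookalike of {skel}"
    return "unknown"

if __name__ == "__main__":
    # Constructed hostnames; the second uses a Cyrillic "a".
    for h in ("bank.example", "b\u0430nk.example", "shop.example"):
        print(ascii(h), "->", classify(h))
```
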
The WiFi Pineapple is an easy-to-use device
that allows attackers to easily set up
such attacks. When your laptop attempts to
automatically connect to a network it
remembers, the WiFi Pineapple watches for
these requests and responds “Yes, that’s
me, connect!”. The device also comes with
a variety of man-in-the-middle and other
attacks it can easily perform.
Someone clever could set up such a
compromised hotspot in an area with high-
value targets — for example, in a city’s
financial district or anywhere people log in to
do their banking — and attempt to harvest
this personal data. It is probably uncommon
in the real world, but it is very possible.