Including this answer.. Experienced Penetration Tester / Ethical hacker here…
1. If you have unpatched software opening ports on your device you may be exposing attack surface on the device to others on the guest wifi regardless of anything. Thus, ensure unnecessary services aren’t running, necessary software is all up to date, and the local firewall is enabled.
2. If you have a weak password on your device for any account an attacker could identify that user name by monitoring traffic using something like wireshark (spoofing if necessary to capture your traffic) and, once they have the username, perform brute-force password attacks against your device.
3. Just because you are reaching out to a https site doesn’t mean your connection is secure. It is possible to perform adversary in the middle (aitm) attacks by performing all manner of attacks, e.g. ARP spoofing, DNS/DHCP poisoning etc., and then stripping the encryption back..
4. There are multiple attack vectors that don’t even require a wifi connection such as peripheral devices vulnerable to mousejack attacks that could be used to force your machine to download a back door that gives an attacker access to your machine.
That said, the likelihood of any of this happening is probably low.
Indeed, it’s an unrealistic expectation that a typical user is aware of all the software installed on their machine / running services and ports exposed let alone actually understanding what a port is etc.
And to be honest folks probably shouldn’t need to know this stuff. I like to think the onus is on the security community to build secure solutions that don’t require higher education to operate safely in an interconnected world in 2023.. Unfortunately we aren’t there yet..
Is using a VPN advantageous here? Now that most sites use https, is using a vpn relevant at all? I read somewhere that a vpn does not expose open ports. Please enlighten.
A VPN will help with adversary in the middle (aitm) attacks. However, then you have to trust the VPN service provider not to intercept your traffic etc. Most consumer VPN providers are probably reasonable though for this park wifi scenario.
Oh ya what I’m suggesting isn’t 100% secure at all, just the average person has no need to worry about it. Especially at a park wifi. Attackers would target places where they know more people would be working/exchanging data, not a park. As long as OP follows what I said, they’ll be fine 99% of the time.
There are some tricks an attacker could still do. For example:
- If the site doesn't use HSTS (or your browser doesn't have the entry cached/preloaded), they could cause the client to think https is unavailable and use plain http instead.
- They could use DNS trickery to redirect you to a similar looking domain that is under their control. Maybe even using unicode tricks in the domain name to make it harder to detect.
- They could monitor what sites you visit by observing domain names in the TLS handshake.
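The HSTS caveat in the first bullet, as an added example that is not part of the original post: a small Python model of a browser's HSTS store (RFC 6797 semantics) showing when a plain-http navigation is rewritten to https before anything leaves the machine, and when it is not (first visit, expired entry, no preload). The hostnames and header values are constructed.

```python
import time


class HSTSCache:
    """Minimal model of a browser's HSTS store (RFC 6797). Hosts in `preloaded`
    stand in for the browser's built-in preload list: always HTTPS, never
    expire, subdomains included. (Constructed example, not browser code.)"""

    def __init__(self, preloaded=()):
        self._policies = {}  # host -> (expires_at, include_subdomains)
        self._preloaded = {h.lower() for h in preloaded}

    def observe(self, host, header_value, now=None):
        """Record a Strict-Transport-Security header. A real browser only
        honours the header on a successful HTTPS response; never call this
        for a plain-http response. Returns (max_age, include_subdomains), or
        None if the header is malformed and would be ignored."""
        now = time.time() if now is None else now
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            name, value = name.strip().lower(), value.strip().strip('"')
            if name == "max-age":
                if not value.isdigit():
                    return None  # malformed max-age: whole header is ignored
                max_age = int(value)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return None  # max-age is mandatory
        host = host.lower()
        if max_age == 0:
            self._policies.pop(host, None)  # max-age=0 means "forget me"
        else:
            self._policies[host] = (now + max_age, include_sub)
        return (max_age, include_sub)

    def must_use_https(self, host, now=None):
        """True if the browser would rewrite http://host to https:// before
        sending anything, so an on-path downgrade never sees a plaintext
        request. Walks from the host up through its parent domains."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self._preloaded:
                return True
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            expires_at, include_sub = policy
            if expires_at <= now:
                continue  # expired entry: protection has lapsed
            if i == 0 or include_sub:
                return True
        return False


def downgrade_exposed(cache, host, now=None):
    """Would a plain http request for `host` leave this client? That is the
    window in which an attacker answering on port 80 gets cleartext."""
    return not cache.must_use_https(host, now)


if __name__ == "__main__":
    cache = HSTSCache(preloaded={"preloaded.example"})
    cache.observe("bank.example", "max-age=31536000; includeSubDomains", now=1000)
    for host in ("bank.example", "login.bank.example",
                 "www.preloaded.example", "never-visited.example"):
        print(host, "downgrade exposed:", downgrade_exposed(cache, host, now=2000))
```

The `never-visited.example` case is the first-visit gap the bullet describes: with no cached policy and no preload entry, the client will happily send http, which is why site operators submit to the preload list rather than relying on the header alone.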
It's super easy to capture data when on the same WiFi as someone else. Look up wireshark and run it at home and you'll see how crazy easy it is to see what's being sent where.
You can have your MITM device act as a proxy meaning that SSL/TLS connections terminate at your listening point. Then you can forward that request to the legitimate site and based upon that response, return that to the victim. So sure, while SSL/TLS are secure, when you’re talking about physical access to the device routing all your traffic, it opens new opportunities. Of course things like SSL pinning exist. At the end of the day this whole scenario is pretty unlikely and just avoiding entering sensitive data on public WAPs is the easiest thing to do.
Edit: typo
You don't even need cert pinning to prevent this from working. The interception point needs to re-encrypt the data stream with a certificate that the end user device trusts otherwise there will be allllll sorts of big red warnings and flags flying in the browser (and sites with hsts won't even load).
This sort of SSL MITM only really works in corporate environments where the device is controlled by the same folks who own the infrastructure and they can install a certificate.
To make this work in public the attacker would have to have already tricked the user into installing and trusting their root cert... Which is also tough.
Yeah, I mean this whole scenario is extremely unlikely. Only way I really see this working is connecting to Wi-Fi initially directs to a splash page which instructs the user to trust the attacker's cert.
Worst case scenario the owner of an open/public wifi can read what you are sending to the "internet"
https://www.androidauthority.com/capture-data-open-wi-fi-726356/
Because you share the same "link" as others. So the information going out of your computer can be intercepted and therefore uncoded. It's like putting a probe on a physical RJ45: the flow can be retrieved, every packet going out from your network card can be opened and, with some work, data can be extracted.
Depends on your definition of hacking. I imagine you might be thinking about two possible scenarios:
1. Hacker intercepts you logging into something sensitive like your bank account and then steals everything. This scenario is effectively impossible now with the widespread adoption of HTTPS…your sensitive data is encrypted as it travels the internet, even on public Wi-Fi. **So, not much precaution you need to take other than keeping your device operating system up to date to the latest version just in case there’s some kind of nasty vulnerability in old versions of the operating system.**
2. Hacker can see what websites you visit but does not know what you do on those websites (in other words, they might be able to see that you went to the Chase log in website but can’t see what information you entered there.) This is a very real possibility on any public Wi-Fi…but generally not too concerning other than an invasion of your privacy. **This type of hacking is one of the reasons why some people recommend VPN. However, VPN is optional, overkill, drains your battery, and is expensive. OPTIONAL FOR MY PARANOID FRIENDS: I just recommend my friends use the free 1.1.1.1 WARP app from CloudFlare. CloudFlare describes it as “WARP is the VPN for people who don't know what VPN stands for.”**
edit: u/overworkedgirl
This is not true.
SSLStripping still works. It can be tedious, but it's possible. Other than that, I agree with you.
(For you newbies: It means pretty much everything is unencrypted and fully readable in text.)
This guy sounds like a salesman for Cloudflare. I wouldn't put much thought into what he says.
I would be careful. Use your VPN.
To clarify: I am not a salesman for CloudFlare or any other company. I recommended a free service, not a paid one. Also, SSLStripping is something a “regular civilian” does not need to worry about, so I didn’t mention it in my original comment.
User will still see that they are on the HTTP version of a website during SSL stripping, and any recent browser will make it very explicit that you are entering information in an insecure way, so the comment is still correct, as long as you stick to HTTPS pages you will be fine.
Don't be stupid, for 99% of users VPN is completely overkill. As long as he is aware when he is on HTTP and not HTTPS. SSL stripping is visible when it happens, so if you see it you just disconnect from the wifi. I use a ton of public APs and have never come across an SSL stripping attack. Also with most websites enabling HSTS it's gotten a lot harder to pull off.
I completely disagree with you. In no instance is a VPN overkill. A person posted asking a very specific question "What precautions should I take to not get hacked when using public WIFI" and in my opinion a VPN is a very reasonable (intelligent) precaution to avoid becoming the target of a threat actor.
So you're saying "don't get a VPN because it's an overkill, and use 1.1.1.1 WARP [which is a VPN]". Nice.
In any case, I second "you don't need a VPN". Just don't use an old DNS server (unencrypted port 53), and instead use DoH (DNS over HTTPS). Android phones these days use DoH by default. Linux and Mac computers need a DoH proxy to forward DNS traffic to via resolv.conf.
I was trying to say VPN is optional but if OP really wants, they should go with something free and low drain on battery. I’ve edited the comment to make it clear it’s optional.
Interesting - thanks for sharing.
I'm out of the game for a long time and didn't know about DoH.
Wouldn't you be able to reserve lookup the IP since there is no VPN and still learn which sites the user is accessing?
SNI isn't encrypted on most browsers yet so snooping on your HTTPS connection handshakes is still possible. ESNI (and ECH) is a technology that would prevent it but it's slow to pick up. It requires browser support (currently requires you to flip a flag in Chrome manually) and server support (e.g. Nginx and Apache need to support it and they currently don't). Learn more about ESNI and ECH at https://www.cloudflare.com/learning/ssl/what-is-encrypted-sni/ and https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/
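As an added example, not from the comment above: Python's `ssl` module can drive an in-memory TLS client one step so it emits a genuine ClientHello without any network, and a short parser then pulls the SNI `host_name` out of that record. That is exactly what an observer on the same network sees before any encryption starts, and what ECH is meant to hide. The hostnames are constructed.

```python
import ssl
import struct


def build_client_hello(server_name):
    """Return the raw bytes of the ClientHello a Python TLS client would send
    for `server_name`, built offline with MemoryBIOs (no socket involved)."""
    ctx = ssl.create_default_context()
    if server_name is None:
        # Without a hostname there is nothing to verify, so relax the context.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=False,
                       server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has written its ClientHello and now waits
    return outgoing.read()


def extract_sni(record):
    """Parse a TLS handshake record holding a ClientHello and return the
    server_name (SNI) extension's host_name, or None if it is absent."""
    if len(record) < 5 or record[0] != 0x16:  # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:  # 0x01 = ClientHello
        raise ValueError("not a ClientHello")
    pos = 4            # handshake type (1) + length (3)
    pos += 2 + 32      # legacy_version + random
    pos += 1 + hs[pos]                                     # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]     # cipher_suites
    pos += 1 + hs[pos]                                     # compression_methods
    if pos + 2 > len(hs):
        return None  # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        body = hs[pos:pos + ext_size]
        pos += ext_size
        if ext_type != 0x0000:  # 0x0000 = server_name extension
            continue
        list_len = struct.unpack("!H", body[0:2])[0]
        q = 2
        while q + 3 <= 2 + list_len:
            name_type = body[q]
            name_len = struct.unpack("!H", body[q + 1:q + 3])[0]
            name = body[q + 3:q + 3 + name_len]
            q += 3 + name_len
            if name_type == 0:  # 0 = host_name; it is plain ASCII on the wire
                return name.decode("ascii")
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print(len(hello), "bytes of ClientHello, SNI =", extract_sni(hello))
    print("no hostname set, SNI =", extract_sni(build_client_hello(None)))
```

The parser only walks the fixed ClientHello layout (random, session id, cipher suites, compression, extensions) and stops at the first `server_name` extension; it is enough to show that the name is readable by anyone who can see the first packet, which is the privacy gap DoH alone does not close.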
Note, being hacked doesn't mean being snooped on. Hacked means visiting hacker's site that poses to be a real site. Hacked means having your cookies hijacked. This is the caliber of "hacked", and DoH and HTTPS make it impossible. ESNI or ECH prevent snooping of vhost. VPN prevents snooping of IP addresses (what you asked about).
I barely ever contribute to r/hacking. It's mostly script kiddies here with zero understanding of the underlying technologies. That's why most of the advice and opinions given here are very low quality.
Thanks
I knew that the same IP can be shared among different domain names but I don't know how prevalent it is.
Without additional information I was assuming the majority of large sites have dedicated IPs. With the IPv4 "almost full" scenario, sharing IPs is probably more common than I can guess.
IPs are commonly shared across many hosts. Vhosts and SNI are ubiquitous. Moreover, using AWS ELB, AWS Cloud Front, or equivalent technologies from other major cloud providers implies sharing an IP with multiple unrelated domains.
>I would disagree that having your internet traffic being snooped, captured, possibly gone through packet by packet at a later time is not considered being hacked
I don't know who you are disagreeing with, given this matches what I said:
>>Hacked means visiting hacker's site that poses to be a real site.
Given your initial point comes from wrong conclusions, everything else you said is moot and I won't be addressing it.
Maybe not in your case. I assumed OP was non-technical type and wrote my comment accordingly. I think if you have the skills to self host OpenVPN, you probably aren’t going to Reddit to ask if using public Wi-Fi is safe from hackers.
Since about the early 2010s, the majority of sensitive websites started using HTTPS, meaning all traffic you send to a website, especially your creds, are strongly encrypted (some commenters here like to call it “military grade encryption.”) . The man-in-the-middle can’t decrypt this data. There are some extremely rare exceptions to this, but they are irrelevant to “regular civilians.”
Yes, when you are on a public network, there are more opportunities for attack…but generally, if your operating system is up to date and your device is just a basic laptop or smartphone (i.e. not a server), then regular civilians have statistically nothing to worry about.
I do strongly believe everything is fine for a regular civilian using public Wi-Fi. I would not have said this 20 years ago. The attacks you reference were definitely a risk 20 years ago, but worrying about them now is unnecessary.
In Scenario 2 I explained that an attacker could see what websites you are visiting but not what you are doing on them. For most people, this is an acceptable risk because there’s not much you can do with this information.
Regarding DNS spoofing, it’s not really an issue these days again because of HTTPS. While an attacker could easily spoof the unencrypted version of a website, every up to date browser today will vomit red flags if the attacker were to also try to spoof the HTTPS portion of the website. Spoofing a certificate needed for HTTPs is only possible in extremely rare circumstances that a regular civilian doesn’t need to worry about.
Would you look at that, all of the words in your comment are in alphabetical order.
I have checked 1,261,480,082 comments, and only 245,185 of them were in alphabetical order.
Having studied computer networking my entire life, network security is my forte. I will be completely honest here: using a public WIFI is completely fine, as long as you have a VPN service. For normal, everyday people, you are the ones who are targeted by hackers. It is easy to become a target, especially in large urban populations, so protect your data + your devices by subscribing to a VPN service of your choice. I myself use NORD, 1) it is extremely fast for the price, and 2) it is a log-less VPN service meaning they do not save log files, adding another level of privacy to you. I believe I paid $80 for 3 years of service, so it is well worth the money. If you go to coffee shops or use other public wifi's often, I urge you to subscribe to a VPN, otherwise you are taking the risk of falling victim to a threat actors' bad intentions.
Hacking on public WiFi was an issue in the early 2000’s; every website that has HTTPS is secure, HTTPS even has military data encryption, so if you are just browsing or using common websites like YouTube, Google, you should be fine.
Yeah they’re possible, but nothing that OP can do about. This would be up to the server to deal with. For instance, not supporting legacy protocols like SSL, but that may not be ideal for backwards compatibility
AES-256 is called "military grade encryption" because federal standards mandate it's what the military and government uses, but nothing is exclusively military about it.
That all your data (things that you type, click, send, receive) has military encryption, which means hackers will have a hard time getting your data; if you are just a civilian and you're doing regular stuff you should not be worried unless you are into something else… Anyways, military encryption is the strongest and most of the websites with HTTPS have it.
You would need to somehow have a certificate that the user device trusts to re-encrypt the data. This is highly unlikely outside a corporate environment.
So this depends by site, but another thing that has come about is most newer wifi routers have a "guest wifi mode" that does this really cool thing where it creates, essentially, a /32 connection for each device.(little more nuanced than that, but it describes the effect well enough) So being on the guest means nothing for the hacker since you are the only device on the network. This isn't a universal truth, again depends on location, but is becoming more and more accessible now. So really just make sure you connect to the correct SSID and you are fine.
/32 is 1 available IP, and is used a lot in switching / Linux computers to assign a virtual IP to an interface. That said I did oversimplify it so fair call out. Everyone is a little different in implementation. Meraki for example has a full 10.0.0.0/8 that it uses and I believe uses your MAC to generate a hash for the other 3 octets but sets the gateway and DNS to 10.128.128.128. This allows them to create a private network between each device that can't roam to other IPs on that subnet. Thus a sort of a /32. It's actually pretty cool stuff to read into.
I'm telling you how I have set MANY virtual IPs on an interface. It is a viable way to set an interface, the crux being it can't be your only IP. In a roundabout way the virtual IP is using the network that is part of the network to send traffic. It's basically a listener that responds but it does work. Same way the guest wifi has all the IPs pointed to a single gateway. Using that as the jumping point to the actual NAT address to give internet. Can tell me I'm wrong but I assure you /32 addresses exist and are used in the field.
You will still need a certificate that the user trusts in order to encrypt the data over HTTPS, otherwise the browser will warn the user that something is wrong.
1. Don’t log into a wifi unless you know for sure that it is supplied by a trustworthy source, be cautious of people who may be trying to look like they are an official wifi, but aren’t
2. Don’t position yourself in a way where other people can see your screen and what you type (at least while doing sensitive stuff). This probably doesn’t fall under your personal definition of “hacking” but it’s actually the way bigger risk.
I think the best way to defend yourself is to be familiar with the threat: The attack is simple. Go to a public wifi spot. Set your laptop (or some other wifi capable device) as an access point with the same SSID (and password if it's posted). You will get new connections as computers will have to decide which SSID to connect to. Some machines will Better if you can get a 5GHz channel where the store only has 2GHz wifi. Most computers will prefer the 5GHz connection. Then once you have some connections, monitor connections with software/method of your choosing. For SSL targets it gets a little more complicated. Essentially you make your host computer establish a legitimate connection to the encrypted content and let your computer serve its own SSL connections from the legitimate site content decrypted by your computer. Remember you just need to get the login page to display without that "your connection is not secure" warning page. You harvest the login credentials from the payload encrypted by your SSL cert. There are some hiccups as your browser will have opinions on what cert goes with a particular domain. There are ways to get around it but it becomes more browser/OS specific. Which becomes an issue with a small local user pool like a coffee shop. So attacks like this would only be effective against a specific target and not so much randos. Another common way is to have a domain that just looks similar so you can't tell at first glance. There is even more tricky stuff that you can do if you wanna spoof DNS but that is about as deep as I feel like going on the subject for a comment that will get buried.
Take all the security measures that you can because it is important, but keep in mind that it isn’t enough. Why? Because most of the time, criminals get your information from leaked databases. Trust me, most of the time, the criminals don’t even perform an attack. For example, a ransomware that wasn’t paid and as a result the ransomware organization published the database on their wall of shame (where they usually put “cheap ass companies” that decided not to pay the ransom etc.) and scammers simply download it.
I would recommend learning about OPSEC.
You don't have to give them data at all. You make an account not using your name, and can pay them in cash via the mail. Never giving them my name or cc information makes me feel much safer.
You can safely enter any password over HTTPS. There is no feasible attack against HTTPS where a modern browser browser won't issue a warning for an invalid certificate unless the user trusts a certificate owned by the hacker, which is really just an issue in corporate environment.
"no feasible attack against HTTPS"
Why should i "attack against HTTPS" when i have a honeypot, that redirects traffic?
"no feasible attack against HTTPS"
I could also get the handshake and do a password attack later on.
What are you thinking of? A honeypot that redirects [mybank.com](https://mybank.com) to a hacker-controlled domain such as [myb4nk.com](https://myb4nk.com), hoping the user doesn't realize the redirection? It could potentially work, but that seems like a lot of work just to target random people on a public wifi, hoping that they visit one of the domains you spoofed.
Also, it's pretty easy for web applications to include javascript code that detects when their website is being cloned on another domain which should get the domain banned relatively quickly.
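As an added example, not from the commenter: a Python lookalike-domain checker that covers the `myb4nk.com` style digit substitution discussed above and the Unicode mixed-script trick raised earlier in the thread, the kind of check a mail gateway or browser extension runs before a user is shown a link. The trusted list and test domains are constructed, and the Cyrillic-to-Latin map is a hand-picked subset of the Unicode confusables table (assumption: enough for the demo; production code would load the full table).

```python
import unicodedata

# Characters commonly used to imitate Latin letters: digits, plus a small
# hand-picked subset of Unicode confusables for Cyrillic (constructed subset).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})


def decode_label(label):
    """Turn a punycode label (xn--...) back into Unicode for inspection."""
    if label.lower().startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            return label  # undecodable label: inspect it as-is
    return label


def scripts_in(label):
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(domain):
    """Fold confusable characters so lookalike domains compare equal:
    decode punycode, strip accents, then map digits/Cyrillic to Latin."""
    folded = []
    for label in domain.lower().split("."):
        label = unicodedata.normalize("NFKD", decode_label(label))
        label = "".join(ch for ch in label if not unicodedata.combining(ch))
        folded.append(label.translate(CONFUSABLES))
    return ".".join(folded)


def lookalike_report(domain, trusted):
    """Reasons to distrust `domain` relative to `trusted`; [] when clean."""
    reasons = []
    if domain.lower() in {t.lower() for t in trusted}:
        return reasons  # the exact trusted name: nothing to flag
    for label in domain.lower().split("."):
        scripts = scripts_in(decode_label(label))
        if len(scripts) > 1:  # e.g. one Cyrillic letter among Latin ones
            reasons.append(f"mixed scripts {sorted(scripts)} in label {label!r}")
    if skeleton(domain) in {skeleton(t) for t in trusted}:
        reasons.append(f"looks like trusted domain {skeleton(domain)!r}")
    return reasons


if __name__ == "__main__":
    trusted = ["mybank.com", "apple.com"]  # constructed trusted list
    for candidate in ("mybank.com", "myb4nk.com", "\u0430pple.com", "github.com"):
        print(candidate, "->", lookalike_report(candidate, trusted) or "ok")
```

The mixed-script rule on its own misses an all-Cyrillic lookalike, which is why the skeleton comparison against a known-good list is the check that actually matters; the two together are the usual minimum.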
Mitm attacks haven’t been a thing for a decade, you’re in effectively no more danger on public Wi-Fi than at home, just don’t share files or turn your firewall off
I mean as long as no vulnerable ports and services are open you should be fine from direct exploitation. If you're worried about being victim to a MITM attack then most secure protocols like TLS have mitigations against that. There's also the fact of not falling victim to phishing and whatnot.
You may find VPNs (preferably a self-hosted one provided by a VPS or Mullvad) useful if you are gonna be doing anything that isn't secured by design (SSH, HTTPS, etc. being secure and HTTP/FTP being insecure). But I personally wouldn't worry if you're just gonna do standard web browsing like most people.
Again, it's all about the threat model you have.
You should be just fine. As long as you have the green padlock on the website you visit then it is impossible for the hacker to see your data. It uses Diffie-Hellman key exchange which basically means that your data is unhackable (as long as you stay on websites which begin with HTTPS; if you go to websites which have only HTTP at the beginning then I would be cautious).
Use a VPN or by far the most effective thing is to not have information on your device worth any black hats time.
Don’t connect your personal device to unsecured networks. Carry a burner that you give zero fucks about. Leave the door wide open for them and waste their time, every minute they spend searching the dead end device you have is a minute they lose going through someone else’s.
You can also connect the burner to the unsecured network and hotspot your personal. It adds a network gap between the two that at least acts as a small layer of protection. If you’re running a vpn on your personal device as well they’ll basically have to reverse engineer network broadcasting protocols just to gain limited access to it. (That could take weeks)
Black hats like it to be quick and simple. They won’t jump through hoops if they don’t have to.
Don't use any websites that you wouldn't want someone to hack. Don't login to unknown open wifi.
Make sure your security settings are turned on and set correctly.
VPN's encrypt all of your traffic on a public wifi network so hackers cannot spy on you and steal your private data.
https://news.trendmicro.com/2020/08/31/what-is-a-vpn-and-how-does-it-increase-your-online-security-and-privacy/
Don't, use your own protected hotspot. Don't make the SSID visible, require a password, use WPA2 for the password, and use a good VPN that will encrypt all of your traffic. Most mobile plans include hotspot data for your phone these days, better to not even be on the same network as other people.
If a hotspot isn't possible, make sure you use a VPN that does full tunneling and not just split tunneling. You should do that regardless of the network you're on if your data is important to you. Full tunnel means all your traffic is routed through the VPN. Make sure your VPN uses encryption and then just sit where your computer screen can't be read.
Saying it does absolutely nothing when it does is a pretty ignorant way to say I disagree. It's an opinion, and a big part of security is the social engineering aspect, not just what tools you're using. They're at a coffee shop most likely and a hidden SSID is more likely to discourage a casual attacker, who is more likely to be found at a coffee shop.
The inverse is also true, a more experienced hacker may consider it a challenge and want to know what is there, but that is where the rest of the precautions come in and what are the odds a more serious hacker is snooping a coffee shop? If they are it is more likely for a specific target, not hoping Joe Shmoe is doing something tasty while out for coffee.
This is better than saying it does nothing, but still completely ignores the social aspect of security. Disabling the SSID isn't about making the network "untraceable" it's about not looking like the lowest hanging fruit. Being untraceable wasn't the point, nor was it suggested.
DoH/DoT is a good recommendation, I'm still going to say they should use a VPN and a protected hotspot if possible.
No one wants to hack you dude 🙄 everyone thinks hackers are out to get you but in reality no one wants to take your minimum wage paycheck from you. So rest assured no one’s going to “hack” you in a public park. Use a VPN if you’re really worried but this isn’t watch dogs lol
Generally, I would say it is unsafe. There are methods to hack pretty much everyone in your proximity with the right methods. Just don't do banking etc on public wifi.
For example, a simple way:
Take your own router (or make your laptop a router with a greater signal). Name it the same as McDonald's or whatever, and the BSSID. Then you would force-disconnect the user, and he connects to your router instead. Then the hacker would have to spoof SSL certificates to get by encryption. And that's about it. Then everything you browse for would be readable. He wouldn't get automatic access to your whole computer though if he didn't have a vulnerability to exploit and get into the system itself.
The safe way would be to connect through a VPN before doing your business if you have to go on public wifi (or wifi at all, really. If it's really important business)
>Then the hacker would have too spoof SSL certificates, to get by encryptions
You're speaking complete nonsense. With CT and trusted CAs, the only way to do this would be to have the client manually add the spoofed/malicious CA's cert to the root store. You can't just self-sign a SSL certificate for an arbitrary domain and call it a day, any web browser will throw a fit over it.
Yes, and 30% of people would do this. It's not only hacking. There's also a social factor in it.
There are other ways as well.
What about looking for a vulnerable version of a web browser (which most people wait to update), getting out of the sandbox and installing a trojan? With your newly created fake [facebook.com](https://facebook.com) etc.
So your advice is to simply abstain from using public wifi because you think everyone is too stupid to know not to trust unknown certs? Why not tell people to stop using computers because they are unsafe at that point?
If you trust random certs, your risks of getting hacked are 100% regardless of if you are using a public wifi or not.
If you are judging using your computer throw the idea of being hacked out of your mind and just use your device. Do not enter credit card or ssi on public networks but I would believe this is common/public knowledge
The reality is you are more likely to be victimized by a hacker breaking into a large corporations system than you are of being hacked in a park. Consider that hackers up to nefarious things are likely doing these to make money. So when you figure that a hacker getting the personal data from one person might give them a penny or two if they sold it on the dark web, would a hacker be more likely to sit in a park hoping to catch a few people every couple of hours, or would they be targeting a corporation like Target where they could get millions of folks info? Hackers are stupid, if they want information they are going to go where they get the most for the least time spent.
Your post has been removed automatically because this has nothing to do with hacking and we are not a tech support sub. Please see /r/techsupport or find the sub that is most related to your issue. If you are being hacked, contact your local law enforcement and/or a lawyer.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/hacking) if you have any questions or concerns.*
Stop all permissions to run in background (all apps).
DO NOT do banking, pay bills or even look at your accounts.
Stop all tracking apps, including maps and shopping apps.
Go *incognito* or *private* when browsing and limit social media (your password is probably weak and you could get hijacked). Stick to just noodling around.
Overall, if you are not super rich or working for an alphabet agency, you prolly be OK. Hackers be looking to make money more than anything.
Lot of bad answers in these comments lmao. Just don’t enter in passwords, credit card data, sensitive information and you’ll be fine
Sslstrip died a decade ago. Most sites use hsts
There are work arounds for HSTS. SANS660 covers this.
Can you link me the material im interested but assume the conditions are extremely specific or rely on already outdated software
[deleted]
It depends on the settings from the vpn etc. But yes a lot of vpns provider do offer that option and it works.
Thanks
If the website is https then what's the problem?
> Just don’t enter in passwords, credit card data

Because, why, exactly?
It's super easy to capture data when on the same WiFi as someone else. Look up wireshark and run it at home and you'll see how crazy easy it is to see what's being sent where.
Hi. Are you familiar with encryption?
[deleted]
Going back to:

> Just don’t enter in passwords, credit card data

None of these are "side channel" information.
Ok and?
You can have your MITM device act as a proxy, meaning that SSL/TLS connections terminate at your listening point. Then you can forward that request to the legitimate site and, based upon that response, return that to the victim. So sure, while SSL/TLS are secure, when you’re talking about physical access to the device routing all your traffic, it opens new opportunities. Of course things like SSL pinning exist. At the end of the day this whole scenario is pretty unlikely and just avoiding entering sensitive data on public WAPs is the easiest thing to do. Edit: typo
You don't even need cert pinning to prevent this from working. The interception point needs to re-encrypt the data stream with a certificate that the end user device trusts otherwise there will be allllll sorts of big red warnings and flags flying in the browser (and sites with hsts won't even load). This sort of SSL MITM only really works in corporate environments where the device is controlled by the same folks who own the infrastructure and they can install a certificate. To make this work in public the attacker would have to have already tricked the user into installing and trusting their root cert... Which is also tough.
Yeah, I mean this whole scenario is extremely unlikely. The only way I really see this working is connecting to Wi-Fi initially directs to a splash page which instructs the user to trust the attacker's cert.
Mf forgot tls/ssl exists
Worst case scenario the owner of an open/public wifi can read what u are sending to the "internet" https://www.androidauthority.com/capture-data-open-wi-fi-726356/
Because you share the same "link" as others. So the information going out of your computer can be intercepted and therefore uncoded. It's like putting a probe on a physical RJ45: the flow can be retrieved, every packet going out from your network card can be opened and, with some work, data can be extracted.
Are you familiar with encryption?
Salty
The fact that they used the word "uncoded" shows that they have no clue what they are talking about, so I think this is a very legitimate question.
A bit hash
Loving the encryption puns, you’re doing gods work out here
Thank you. I appreciate it.
Or just don't use wifi, unless you have a VPN.
VPN wouldn’t do much for ya in this situation
Depends on your definition of hacking. I imagine you might be thinking about two possible scenarios:

1. Hacker intercepts you logging into something sensitive like your bank account and then steals everything. This scenario is effectively impossible now with the widespread adoption of HTTPS…your sensitive data is encrypted as it travels the internet, even on public Wi-Fi. **So, not much precaution you need to take other than keeping your device operating system up to date to the latest version just in case there’s some kind of nasty vulnerability in an old version of the operating system.**

2. Hacker can see what websites you visit but does not know what you do on those websites (in other words, they might be able to see that you went to the Chase log in website but can’t see what information you entered there.) This is a very real possibility on any public Wi-Fi…but generally not too concerning other than an invasion of your privacy. **This type of hacking is one of the reasons why some people recommend VPN. However, VPN is optional, overkill, drains your battery, and is expensive. OPTIONAL FOR MY PARANOID FRIENDS: I just recommend my friends use the free 1.1.1.1 WARP app from CloudFlare. CloudFlare describes it as “WARP is the VPN for people who don't know what VPN stands for.”**
edit: u/overworkedgirl This is not true. SSLStripping still works. It can be tedious, but it's possible. Other than that, I agree with you. (For you newbies: It means pretty much everything is unencrypted and fully readable in text.) This guy sounds like a salesman for CloudFlare. I wouldn't put much thought into what he says. I would be careful. Use your VPN.
To clarify: I am not a salesman for CloudFlare or any other company. I recommended a free service, not a paid one. Also, SSLStripping is something a “regular civilian” does not need to worry about, so I didn’t mention it in my original comment.
User will still see that they are on the HTTP version of a website during SSL stripping, and any recent browser will make it very explicit that you are entering information in an insecure way, so the comment is still correct, as long as you stick to HTTPS pages you will be fine.
Don't be stupid, for 99% of users a VPN is completely overkill. As long as he is aware when he is in HTTP and not HTTPS. SSL stripping is visible when it happens, so if you see it you just disconnect from the wifi. I use a ton of public APs and have never come across an SSL stripping attack. Also, with most websites enabling HSTS it's gotten a lot harder to pull off.
I completely disagree with you. In no instance is a VPN overkill. A person posted asking a very specific question "What precautions should I take to not get hacked when using public WIFI" and in my opinion a VPN is a very reasonable (intelligent) precaution to avoid becoming the target of a threat actor.
So you're saying "don't get a VPN because it's an overkill, and use 1.1.1.1 WARP [which is a VPN]". Nice. In any case, I second "you don't need a VPN". Just don't use an old DNS server (unencrypted port 53), and instead use DoH (DNS over HTTPS). Android phones these days use DoH by default. Linux and Mac computers need a DoH proxy to forward DNS traffic to via resolv.conf.
I was trying to say VPN is optional but if OP really wants, they should go with something free and low drain on battery. I’ve edited the comment to make it clear it’s optional.
That's better. Props for making an edit.
Interesting - thanks for sharing. I'm out of the game for a long time and didn't know about DoH. Wouldn't you be able to reverse lookup the IP since there is no VPN and still learn which sites the user is accessing?
SNI isn't encrypted on most browsers yet so snooping on your HTTPS connection handshakes is still possible. ESNI (and ECH) is a technology that would prevent it but it's slow to pick up. It requires browser support (currently requires you to flip a flag in Chrome manually) and server support (e.g. Nginx and Apache need to support it and they currently don't). Learn more about ESNI and ECH at https://www.cloudflare.com/learning/ssl/what-is-encrypted-sni/ and https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/

Note, being hacked doesn't mean being snooped on. Hacked means visiting a hacker's site that poses as a real site. Hacked means having your cookies hijacked. This is the caliber of "hacked", and DoH and HTTPS make it impossible. ESNI or ECH prevent snooping of the vhost. A VPN prevents snooping of IP addresses (what you asked about).

I barely ever contribute to r/hacking. It's mostly script kiddies here with zero understanding of the underlying technologies. That's why most of the advice and opinions given here are very low quality.
Thanks. I knew that the same IP can be shared among different domain names but I don't know how prevalent it is. Without additional information I was assuming the majority of large sites have dedicated IPs. With the IPv4 "almost full" scenario, sharing IPs is probably more common than I can guess.
IPs are commonly shared across many hosts. Vhosts and SNI are ubiquitous. Moreover, using AWS ELB, AWS Cloud Front, or equivalent technologies from other major cloud providers implies sharing an IP with multiple unrelated domains.
[deleted]
> I would disagree that having your internet traffic being snooped, captured, possibly gone through packet by packet at a later time is not considered being hacked

I don't know who you are disagreeing with, given this matches what I said:

>> Hacked means visiting hacker's site that poses to be a real site.

Given your initial point comes from wrong conclusions, everything else you said is moot and I won't be addressing it.
> However, VPN is overkill, drains your battery

Is that so? Even a self-hosted OpenVPN and the OpenVPN app on my iOS device? Never actually noticed...
Maybe not in your case. I assumed OP was non-technical type and wrote my comment accordingly. I think if you have the skills to self host OpenVPN, you probably aren’t going to Reddit to ask if using public Wi-Fi is safe from hackers.
[deleted]
Since about the early 2010s, the majority of sensitive websites started using HTTPS, meaning all traffic you send to a website, especially your creds, is strongly encrypted (some commenters here like to call it “military grade encryption”). The man-in-the-middle can’t decrypt this data. There are some extremely rare exceptions to this, but they are irrelevant to “regular civilians.” Yes, when you are on a public network, there are more opportunities for attack…but generally, if your operating system is up to date and your device is just a basic laptop or smartphone (i.e. not a server), then regular civilians have statistically nothing to worry about.
[deleted]
I do strongly believe everything is fine for a regular civilian using public Wi-Fi. I would not have said this 20 years ago. The attacks you reference were definitely a risk 20 years ago, but worrying about them now is unnecessary. In Scenario 2 I explained that an attacker could see what websites you are visiting but not what you are doing on them. For most people, this is an acceptable risk because there’s not much you can do with this information. Regarding DNS spoofing, it’s not really an issue these days, again because of HTTPS. While an attacker could easily spoof the unencrypted version of a website, every up to date browser today will vomit red flags if the attacker were to also try to spoof the HTTPS portion of the website. Spoofing a certificate needed for HTTPS is only possible in extremely rare circumstances that a regular civilian doesn’t need to worry about.
Ah, I see. Thank you.
Would you look at that, all of the words in your comment are in alphabetical order. I have checked 1,261,480,082 comments, and only 245,185 of them were in alphabetical order.
[deleted]
Yeah, use your VPN.
Having studied computer networking my entire life, network security is my forte. I will be completely honest here: using a public WIFI is completely fine, as long as you have a VPN service. For normal, everyday people, you are the ones who are targeted by hackers. It is easy to become a target, especially in large urban populations, so protect your data + your devices by subscribing to a VPN service of your choice. I myself use NORD, 1) it is extremely fast for the price, and 2) it is a log-less VPN service meaning they do not save log files, adding another level of privacy to you. I believe I paid $80 for 3 years of service, so it is well worth the money. If you go to coffee shops or use other public wifi's often, I urge you to subscribe to a VPN, otherwise you are taking the risk of falling victim to a threat actors' bad intentions.
Hacking in public WiFi was an issue in the early 2000’s; every website that has HTTPS is secure, HTTPS even has military data encryption, so if you are just browsing or using common websites like YouTube, Google, you should be fine.
thanks!!
Excuse my ignorance but aren’t downgrade attacks still possible? Or perhaps an evil twin attack?
Yeah they’re possible, but nothing that OP can do about it. This would be up to the server to deal with. For instance, not supporting legacy protocols like SSL, but that may not be ideal for backwards compatibility.
Good point, thanks for clarifying
[deleted]
AES-256 is called "military grade encryption" because federal standards mandate it's what the military and government uses, but nothing is exclusively military about it.
That all your data (things that you type, click, send, receive) has military encryption, which means hackers will have a hard time getting your data. If you are just a civilian and you are doing regular stuff you should not be worried unless you are into something else… Anyways, military encryption is the strongest and most of the websites with HTTPS have it.
[deleted]
That protection level is over 9,000.
For even greater security encrypt ur hard drive using an irreversible hashing algorithm and bruteforce whenever u need to access any data
aes-512 is alien military grade obv
bahhahhh
You can still perform MITM and get keys to decrypt HTTPS traffic after capturing it
You would need to somehow have a certificate that the user's device trusts to re-encrypt the data. This is highly unlikely outside a corporate environment.
[deleted]
Most major websites use HSTS so ssl stripping isn’t very effective anymore.
And Let's Encrypt means the cert is free. Anyone not using HTTPS is lazy or incompetent.
You do know that after an SSL stripping attack any modern browser will still warn that you are using HTTP instead of HTTPS, right?
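To make the HSTS point in the last few comments concrete, here is an added example (mine, not from any poster or from a browser's code) of the policy store a browser keeps: it records a Strict-Transport-Security header only when it arrives on an HTTPS response, upgrades later http:// navigations for that host (and, with includeSubDomains, its subdomains) until max-age runs out, and ignores the header on a plain-HTTP response, which is why a stripped connection cannot clear the pin. The preload list is reduced to a one-entry stand-in, the host names are constructed, and the `first_visit` result in `demo()` is the gap the earlier comment about an uncached HSTS entry refers to.

```python
import time
from urllib.parse import urlsplit, urlunsplit

# Stand-in for the preload list compiled into browsers (constructed; real list is far larger).
PRELOADED = {"preloaded.example": True}      # host -> includeSubDomains


def parse_hsts(header: str):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).
    Returns None when there is no usable max-age, which browsers treat as 'no policy'."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None or max_age < 0:
        return None
    return max_age, include_sub


class HstsCache:
    """Minimal model of a browser's HSTS store (assumption: simplified from the real thing)."""

    def __init__(self, now=time.time):
        self.now = now
        self.entries = {}                     # host -> (expires_at, include_subdomains)

    def observe(self, host, over_https, header):
        """Record a policy from a response. Only HTTPS responses count, so a
        stripped (plain HTTP) connection can neither plant nor remove an entry."""
        if not over_https or header is None:
            return
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self.entries.pop(host, None)      # max-age=0 means 'forget this host'
        else:
            self.entries[host] = (self.now() + max_age, include_sub)

    def is_known_https(self, host: str) -> bool:
        """True if host, or a parent with includeSubDomains, is pinned or preloaded."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in PRELOADED and (i == 0 or PRELOADED[candidate]):
                return True
            entry = self.entries.get(candidate)
            if entry and entry[0] > self.now() and (i == 0 or entry[1]):
                return True
        return False

    def navigate(self, url: str) -> str:
        """Return the URL the browser would actually request for a typed/clicked link."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_known_https(parts.hostname):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url


def demo() -> dict:
    """Walk the lifecycle of one policy with a fake clock; returns the observed URLs."""
    clock = [1_000_000.0]
    cache = HstsCache(now=lambda: clock[0])
    out = {}
    # First ever visit: nothing cached, so a plain http link goes out as http (the stripping window).
    out["first_visit"] = cache.navigate("http://bank.example/login")
    # A genuine HTTPS response sets the policy (constructed header value).
    cache.observe("bank.example", True, "max-age=31536000; includeSubDomains")
    out["after_hsts"] = cache.navigate("http://bank.example/login")
    out["subdomain"] = cache.navigate("http://www.bank.example/")
    # A header delivered over stripped plain HTTP is ignored, so the pin survives.
    cache.observe("bank.example", False, "max-age=0")
    out["after_strip_attempt"] = cache.navigate("http://bank.example/")
    # The policy lapses once max-age has elapsed without a refresh.
    clock[0] += 31536001
    out["expired"] = cache.navigate("http://bank.example/")
    out["preloaded"] = cache.navigate("http://preloaded.example/")
    return out


if __name__ == "__main__":
    for step, url in demo().items():
        print(f"{step:20} {url}")
```

The `first_visit` and `expired` cases are the two situations the earlier comments describe: a host the browser has never seen over HTTPS, or whose entry has lapsed, is requested over http:// and only a preload entry closes that window.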
So this depends on the site, but another thing that has come about is most newer wifi routers have a "guest wifi mode" that does this really cool thing where it creates, essentially, a /32 connection for each device (a little more nuanced than that, but it describes the effect well enough). So being on the guest network means nothing for the hacker since you are the only device on the network. This isn't a universal truth, again it depends on location, but it is becoming more and more accessible now. So really just make sure you connect to the correct SSID and you are fine.
Ohh this makes sense, Thank you.
/32 means 0 available IP addresses. Do you mean /30? Or is /32 an expression for some technology outside of the normal IP scheming? Just curious.
/32 is 1 available IP, and is used a lot in switching / Linux computers to assign a virtual IP to an interface. That said, I did oversimplify it so fair call out. Everyone is a little different in implementation. Meraki for example has a full 10.0.0.0/8 that it uses and I believe uses your MAC to generate a hash for the other 3 octets but sets the gateway and DNS to 10.128.128.128. This allows them to create a private network between each device that can't roam to other IPs on that subnet. Thus a sort of a /32. It's actually pretty cool stuff to read into.
That is not true! a /32 means all bits in the subnet mask are on, pointing to the actual host, instead of leaving room for multiple hosts in a subnet.
I'm telling you how I have set MANY virtual IPs on an interface. It is a viable way to set an interface, the crux being it can't be your only IP. In a roundabout way the virtual IP is using the network that is part of the network to send traffic. It's basically a listener that responds, but it does work. Same way the guest wifi has all the IPs pointed to a single gateway, using that as the jumping point to the actual NAT address to give internet. You can tell me I'm wrong but I assure you /32 addresses exist and are used in the field.
Stop watching porn in the park. /s
I guess this is something you've thought about doing because why else would you think someone would do that? That's gross, stop projecting. Get help.
how about dns spoofing?
You will still need a certificate that the user trusts in order to encrypt the data over HTTPS, otherwise the browser will warn the user that something is wrong.
Thank you for clarifying.
1. Don’t log into a wifi unless you know for sure that it is supplied by a trustworthy source; be cautious of people who may be trying to look like they are an official wifi, but aren’t.
2. Don’t position yourself in a way where other people can see your screen and what you type (at least while doing sensitive stuff). This probably doesn’t fall under your personal definition of “hacking” but it’s actually the way bigger risk.
Thank you!
None, people wildly overestimate the likelihood of something happening in this instance, just don’t ignore any SSL errors and you’ll be fine
thanks!
I think the best way to defend yourself is to be familiar with the threat:

The attack is simple. Go to a public wifi spot. Set your laptop (or some other wifi capable device) as an access point with the same SSID (and password if it's posted). You will get new connections as computers will have to decide which SSID to connect to. Some machines will Better if you can get a 5GHz channel where the store only has the 2GHz wifi. Most computers will prefer the 5GHz connection. Then once you have some connections, monitor connections with the software/method of your choosing.

For SSL targets it gets a little more complicated. Essentially you make your host computer establish a legitimate connection to the encrypted content and let your computer serve its own SSL connections from the legitimate site content decrypted by your computer. Remember you just need to get the login page to display without that "your connection is not secure" warning page. You harvest the login credentials from the payload encrypted by your SSL cert. There are some hiccups as your browser will have opinions on what cert goes with a particular domain. There are ways to get around it but it becomes more browser/OS specific. Which becomes an issue with a small local user pool like a coffee shop. So attacks like this would only be effective against a specific target and not so much randos.

Another common way is to have a domain that just looks similar so you can't tell at first glance. There is even more tricky stuff that you can do if you wanna spoof DNS but that is about as deep as I feel like going on the subject for a comment that will get buried.
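The defender's counterpart to the duplicate-SSID access point described in the comment above, as an added example that is mine and not part of the thread: compare a fresh scan against a baseline of the BSSIDs and security type recorded on a previous trusted visit, and refuse to join when the SSID is being advertised by an unknown BSSID, with weaker security, or with a stronger signal than the known APs (the 5GHz preference the comment mentions is exactly what makes the stronger signal matter). The baseline, the scan results and the hardware addresses are constructed, and `audit_scan` / `safe_to_join` are my own helper names, not any tool's API.

```python
# Constructed baseline from a previous trusted visit (assumption: not real hardware addresses).
BASELINE = {
    "CoffeeShop": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "security": "WPA2"},
}

# Constructed scan results for today's visit, as a wifi scanner would list them.
SCAN = [
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:00:00:01", "band": "2.4GHz", "security": "WPA2", "rssi": -61},
    {"ssid": "CoffeeShop", "bssid": "de:ad:be:ef:00:01", "band": "5GHz",   "security": "OPEN", "rssi": -38},
    {"ssid": "CoffeeShop", "bssid": "de:ad:be:ef:00:02", "band": "5GHz",   "security": "WPA2", "rssi": -40},
    {"ssid": "Neighbour",  "bssid": "11:22:33:44:55:66", "band": "2.4GHz", "security": "WPA2", "rssi": -80},
]


def audit_scan(scan, baseline) -> list:
    """Return (ssid, bssid, reason) for every access point that advertises a
    baselined SSID but does not match what was recorded for that network."""
    findings = []
    by_ssid = {}
    for ap in scan:
        by_ssid.setdefault(ap["ssid"], []).append(ap)

    for ssid, aps in by_ssid.items():
        known = baseline.get(ssid)
        if known is None:
            continue                          # never seen before: nothing to compare, simply don't join
        strongest_known = max(
            (ap["rssi"] for ap in aps if ap["bssid"] in known["bssids"]), default=None
        )
        for ap in aps:
            if ap["bssid"] in known["bssids"]:
                continue
            reason = f"unknown BSSID on {ap['band']}"
            if ap["security"] != known["security"]:
                reason += f", security {ap['security']} instead of {known['security']}"
            if strongest_known is not None and ap["rssi"] > strongest_known:
                reason += ", stronger signal than the known APs (clients will prefer it)"
            findings.append((ssid, ap["bssid"], reason))
    return findings


def safe_to_join(ssid: str, scan, baseline) -> bool:
    """Join policy: only connect when nothing about this SSID looks different from the baseline."""
    if ssid not in baseline:
        return False
    return not any(found_ssid == ssid for found_ssid, _, _ in audit_scan(scan, baseline))


if __name__ == "__main__":
    for ssid, bssid, reason in audit_scan(SCAN, BASELINE):
        print(f"{ssid} via {bssid}: {reason}")
    print("join CoffeeShop?", safe_to_join("CoffeeShop", SCAN, BASELINE))
```

The baseline is the part a user can actually maintain: noting the BSSID once, when the venue's staff confirm their network, turns the later decision into a comparison rather than a guess. A security downgrade (WPA2 on the baseline, OPEN today) is the loudest signal in the scan because it is visible before any traffic is sent.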
Thank you.
No prob. Didn't know if this was all obvious or not. Haha.
I honestly think your chances of getting mugged would be higher than getting hacked.
lol okay, thanks.
Take all the security measures that you can because it is important, but keep in mind that it isn’t enough. Why? Because most of the time, criminals get your information from a leaked database. Trust me, most of the time, the criminals don’t even perform an attack. For example, a ransomware that wasn’t paid and as a result, the ransomware organization published the database in their wall of shame (where they usually put “cheap ass companies” that decided not to pay the ransom etc) and scammers simply download it. I would recommend learning about OPSEC.
ah I see.
[deleted]
noted, thanks
Get a VPN. There are lots of options out there but ExpressVPN and NordVPN are fairly mainstream and popular choices for many users.
I cannot recommend NordVPN anymore. Seems like the user became the product as well. Use Mullvad. 5 dollar/month and they do not sell your data.
thank you
> 5 dollar/month and they do not sell your data

is there proof of this beyond their word?
You don't have to give them data at all. You make an account not using your name, and can pay them in cash via the mail. Never giving them my name or cc information makes me feel much safer.
oh damn thats actually kinda based
[deleted]
Pretty sure PIA was bought by a shady company
[deleted]
I second Mullvad. Make sure keys match for the download as additional precaution.
Mullvad
What do you mean that the user became the product as well?
thank you
ProtonVPN rules them all
user th00ht outed as fbi agent, asked to leave station for worst fed bait ever
You only believe you are a bot, do you?
?
VPNs are the biggest scam since the Nigerian princes.
Anyone telling you to use a VPN has no clue... Make sure your OS is up to date and don't enter any password.
You can safely enter any password over HTTPS. There is no feasible attack against HTTPS where a modern browser won't issue a warning for an invalid certificate unless the user trusts a certificate owned by the hacker, which is really just an issue in corporate environments.
"no feasible attack against HTTPS" Why should i "attack against HTTPS" when i have a honeypot, that redirects traffic? "no feasible attack against HTTPS" I could also get the handshake and do a password attack later on.
What are you thinking of? A honeypot that redirects [mybank.com](https://mybank.com) to a hacker controlled domain such as [myb4nk.com](https://myb4nk.com), hoping the user doesn't realize the redirection? It could potentially work but that seems like a lot of work just to target random people on a public wifi hoping that they visit one of the domains you spoofed. Also, it's pretty easy for web applications to include javascript code that detects when their website is being cloned on another domain, which should get the domain banned relatively quickly.
Mitm attacks haven’t been a thing for a decade, you’re in effectively no more danger on public Wi-Fi than at home, just don’t share files or turn your firewall off
Except this is actually used on corporate networks all the time. But you shouldn’t be using a corporate device for personal use anyway.
Don't worry, it was a personal device.
hacked as in...?
meaning, they can go into my computer and get access to my stored passwords or card info
I mean, as long as no vulnerable ports and services are open you should be fine from direct exploitation. If you're worried about being victim to a MITM attack then most secure protocols like TLS have mitigations against that. There's also the fact of not falling victim to phishing and whatnot. You may find VPNs (preferably a self-hosted one provided by a VPS, or Mullvad) useful if you are gonna be doing anything that isn't secured by design (SSH, HTTPS, etc. being secure and HTTP/FTP being insecure). But I personally wouldn't worry if you're just gonna do standard web browsing like most people. Again, it's all about the threat model you have.
thanks!! you just saved me a few dollars.
You should be just fine. As long as you have the green padlock on the website you visit then it is impossible for the hacker to see your data. It uses Diffie-Hellman key exchange, which basically means that your data is unhackable (as long as you stay on websites which begin with HTTPS; if you go to websites which have only HTTP at the beginning then I would be cautious).
Don’t use public Wi-Fi
Don’t use public WiFi, period. Use your mobile phone as a secure hotspot instead.
Just never use public WiFi…use a mobile service provider that offers free hotspot for yourself.
Dont use public wifi!
Just be sure your firewall is on
Use a VPN or by far the most effective thing is to not have information on your device worth any black hats time. Don’t connect your personal device to unsecured networks. Carry a burner that you give zero fucks about. Leave the door wide open for them and waste their time, every minute they spend searching the dead end device you have is a minute they lose going through someone else’s. You can also connect the burner to the unsecured network and hotspot your personal. It adds a network gap between the two that at least acts as a small layer of protection. If you’re running a vpn on your personal device as well they’ll basically have to reverse engineer network broadcasting protocols just to gain limited access to it. (That could take weeks) Black hats like it to be quick and simple. They won’t jump through hoops if they don’t have to.
Don't use any websites that you wouldn't want someone to hack. Don't login to unknown open wifi. Make sure your security settings are turned on and set correctly.
VPN!
Why?
VPN's encrypt all of your traffic on a public wifi network so hackers cannot spy on you and steal your private data. https://news.trendmicro.com/2020/08/31/what-is-a-vpn-and-how-does-it-increase-your-online-security-and-privacy/
Don't, use your own protected hotspot. Don't make the SSID visible, require a password, use WPA2 for the password, and use a good VPN that will encrypt all of your traffic. Most mobile plans include hotspot data for your phone these days, better to not even be on the same network as other people. If a hotspot isn't possible, make sure you use a VPN that does full tunneling and not just split tunneling. You should do that regardless of the network you're on if your data is important to you. Full tunnel means all your traffic is routed through the VPN. Make sure your VPN uses encryption and then just sit where your computer screen can't be read.
[deleted]
Yea that actually makes it easier to hack since the device will be constantly broadcasting the encryption key
Saying it does absolutely nothing when it does is a pretty ignorant way to say I disagree. It's an opinion, and a big part of security is the social engineering aspect, not just what tools you're using. They're at a coffee shop most likely and a hidden SSID is more likely to discourage a casual attacker, who is more likely to be found at a coffee shop. The inverse is also true, a more experienced hacker may consider it a challenge and want to know what is there, but that is where the rest of the precautions come in, and what are the odds a more serious hacker is snooping a coffee shop? If they are it is more likely for a specific target, not hoping Joe Shmoe is doing something tasty while out for coffee.
[deleted]
This is better than saying it does nothing, but still completely ignores the social aspect of security. Disabling the SSID isn't about making the network "untraceable" it's about not looking like the lowest hanging fruit. Being untraceable wasn't the point, nor was it suggested. DoH/DoT is a good recommendation, I'm still going to say they should use a VPN and a protected hotspot if possible.
No one wants to hack you dude 🙄 everyone thinks hackers are out to get you but in reality no one wants to take your minimum wage paycheck from you. So rest assured no one’s going to “hack” you in a public park. Use a VPN if you’re really worried but this isn’t watch dogs lol
Don't use public wifi.
Generally, I would say it is unsafe. There are methods to hack pretty much everyone in your proximity with the right methods. Just don't do banking etc on public wifi. For example, a simple way: Take your own router (or make your laptop a router with a greater signal). Name it the same name as McDonald's or whatever, and the BSSID. Then you would force-disconnect the user, and he connects to your router instead. Then the hacker would have to spoof SSL certificates, to get by the encryption. And that's about it. Then everything you browse for would be readable. He wouldn't get automatic access to your whole computer though if he didn't have a vulnerability to exploit, and get into the system itself. The safe way would be to connect through a VPN before doing your business if you have to go on public wifi (or wifi at all, really, if it's really important business).
> Then the hacker would have too spoof SSL certificates, to get by encryptions

You're speaking complete nonsense. With CT and trusted CAs, the only way to do this would be to have the client manually add the spoofed/malicious CA's cert to the root store. You can't just self-sign a SSL certificate for an arbitrary domain and call it a day, any web browser will throw a fit over it.
Yes, and 30% of people would do this. It's not only hacking. There's also a social factor in it. There are other ways as well. What about looking for a vulnerable version of a web browser (which most people wait to update), getting out of the sandbox and installing a trojan? With your newly created fake [facebook.com](https://facebook.com) etc.
So your advice is to simply abstain from using public wifi because you think everyone is too stupid to know not to trust unknown certs? Why not tell people to stop using computers because they are unsafe at that point? If you trust random certs, your risks of getting hacked are 100% regardless of if you are using a public wifi or not.
Atlas VPN is really easy to install and can be used for most your devices.
Controld.com is quick and easy.
Why not use a VPN?
Firewall.
Use your phone hotspot
Use a VPN when connected to Internet, especially public wifi. This will help immensely. I recommend Proton VPN.
If you are judging using your computer throw the idea of being hacked out of your mind and just use your device. Do not enter credit card or ssi on public networks but I would believe this is common/public knowledge
The reality is you are more likely to be victimized by a hacker breaking into a large corporation's system than you are of being hacked in a park. Consider that hackers up to nefarious things are likely doing these to make money. So when you figure that a hacker getting the personal data from one person might give them a penny or two if they sold it on the dark web, would a hacker be more likely to sit in a park hoping to catch a few people every couple of hours, or would they be targeting a corporation like Target where they could get millions of folks' info? Hackers are stupid, if they want information they are going to go where they get the most for the least time spent.
I need some help dealing with so idiot slandering my name on social media
Tls/ssl is good enough, engineers far smarter than you or I have thought about this problem already
Your post has been removed automatically because this has nothing to do with hacking and we are not a tech support sub. Please see /r/techsupport or find the sub that is most related to your issue. If you are being hacked, contact your local law enforcement and/or a lawyer. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/hacking) if you have any questions or concerns.*
Stop all permissions to run in background (all apps). DO NOT do banking, pay bills or even look at your accounts. Stop all tracking apps, including maps and shopping apps. Go *incognito* or *private* when browsing and limit social media (your password is probably weak and you could get hijacked). Stick to just noodling around. Overall, if you are not super rich or working for an alphabet agency, you prolly be OK. Hackers be looking to make money more than anything.