Results 1 to 6 of 6

Thread: Man in the middle attacks on popular open wifi networks.

  1. #1

    Thread Starter
    Hyperactive Member Maven's Avatar
    Join Date
    Feb 2003
    Location
    Greeneville, TN
    Posts
    322

    Man in the middle attacks on popular open wifi networks.

    I was driving to work last week, and NPR had a good story about a man in the middle attack for cell phones.

    http://www.npr.org/blogs/alltechcons...pen-to-hackers

    While their argument about cell phones is correct, it's not a problem limited to the cell phone devices. I frequently visit fast food restaurants and see people using their laptops. And I highly doubt many people realize the kind of security risk they are taking. Attackers can use a program called wireshark to monitor the unencrypted packets being communicated over the network. So I can sit in a corner and monitor every single web page a person visits, emails sent, and so forth. Any unencrypted traffic a person sends, I can get a copy of that information. In addition, many programs send background information to their respected networks once a connection has been established.

    In a basic nutshell, understand that open wifi connections are like public phones (wow I'm getting old). Anyone can pick up and listen to the conversation.

    If any of you programmers make applications that need to send information when connections are established, please check to see if the connection is on a public network; otherwise, you're sharing that user information with everyone.
    Education is an admirable thing, but it is well to remember from time to time that nothing that is worth knowing can be taught. - Oscar Wilde

  2. #2
    WiggleWiggle dclamp's Avatar
    Join Date
    Aug 2006
    Posts
    3,527

    Re: Man in the middle attacks on popular open wifi networks.

    I am not sure if you watch HAK5 on YouTube. Its a technology vlog / security hacking group. They have several episodes on man in the middle attacks using their "Wifi Pineapple" which is an Open hotspot with a generic name such as "Free Wifi" or "CoffeeShopName Wifi" so it looks legitimate, but its not. From there they are able to either record connected people's traffic or actively watch it. It is really interesting and informative.

    I also read about a large scale man in the middle attack that actually occurred at a computer security conference. The person who hosted the attack later used the stats he collected in his presentation at that same conference later.

  3. #3

    Thread Starter
    Hyperactive Member Maven's Avatar
    Join Date
    Feb 2003
    Location
    Greeneville, TN
    Posts
    322

    Re: Man in the middle attacks on popular open wifi networks.

    Quote Originally Posted by dclamp View Post
    I am not sure if you watch HAK5 on YouTube. Its a technology vlog / security hacking group. They have several episodes on man in the middle attacks using their "Wifi Pineapple" which is an Open hotspot with a generic name such as "Free Wifi" or "CoffeeShopName Wifi" so it looks legitimate, but its not. From there they are able to either record connected people's traffic or actively watch it. It is really interesting and informative.

    I also read about a large scale man in the middle attack that actually occurred at a computer security conference. The person who hosted the attack later used the stats he collected in his presentation at that same conference later.
    I wonder if anyone from Microsoft reads these forums. They are missing a feature in their .net library that makes this problem worse. Application developers using .net don't have an easy method to use to determine if a connection is established over an open network or over an encrypted network. There are lower level ways to get this information, but it should really be accessible through .net given the widespread scale of the problem.
    Education is an admirable thing, but it is well to remember from time to time that nothing that is worth knowing can be taught. - Oscar Wilde

  4. #4
    New Member
    Join Date
    Mar 2014
    Posts
    9

    Re: Man in the middle attacks on popular open wifi networks.

    In fact this is why I try to avoid establishing connections using open hotspots. But If I really have to do it, I use Firefox with HTTPS Everywhere plugin.

  5. #5
    PowerPoster Evil_Giraffe's Avatar
    Join Date
    Aug 2002
    Location
    Suffolk, UK
    Posts
    2,555

    Re: Man in the middle attacks on popular open wifi networks.

    Quote Originally Posted by Maven View Post
    They are missing a feature in their .net library that makes this problem worse. Application developers using .net don't have an easy method to use to determine if a connection is established over an open network or over an encrypted network.
    That's not actually going to make any difference. It's still possible to eavesdrop on an encrypted wireless network by watching the initial connection (and for existing connections you can disrupt the connection so it needs to be re-established). It also doesn't help with the network you're connecting to tracking you.

    What solves the problem, as noted by kred, is using a secure connection to the server you are communicating with. The client application must verify the certificate, of course - web browsers do this, but often mobile apps don't.

  6. #6

    Thread Starter
    Hyperactive Member Maven's Avatar
    Join Date
    Feb 2003
    Location
    Greeneville, TN
    Posts
    322

    Re: Man in the middle attacks on popular open wifi networks.

    Quote Originally Posted by Evil_Giraffe View Post
    That's not actually going to make any difference. It's still possible to eavesdrop on an encrypted wireless network by watching the initial connection (and for existing connections you can disrupt the connection so it needs to be re-established). It also doesn't help with the network you're connecting to tracking you.

    What solves the problem, as noted by kred, is using a secure connection to the server you are communicating with. The client application must verify the certificate, of course - web browsers do this, but often mobile apps don't.

    The big deal about open connections is that everything is transmitted in the clear for anyone in the area with a wireless connection in promiscuous mode to see. So a lot of applications that ping home can reveal a great deal of information about the user. The goal here is to avoid that situation.

    Application developers could help here by writing smarter programs. But Microsoft needs to include some API function in their .net library so that developers can detect the security of the network. Right now Microsoft has a jumbled mess of API's for detecting security in wireless connections. They should smooth it over and put it in .net so that programmers can run a test on security before sending out information.

    On the other end, open networks are just crazy. It's popular but it's trouble.
    Last edited by Maven; Jun 24th, 2014 at 04:44 AM.
    Education is an admirable thing, but it is well to remember from time to time that nothing that is worth knowing can be taught. - Oscar Wilde

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width