I was driving to work last week, and NPR had a good story about a man in the middle attack for cell phones.
http://www.npr.org/blogs/alltechcons...pen-to-hackers
While their argument about cell phones is correct, it's not a problem limited to the cell phone devices. I frequently visit fast food restaurants and see people using their laptops. And I highly doubt many people realize the kind of security risk they are taking. Attackers can use a program called wireshark to monitor the unencrypted packets being communicated over the network. So I can sit in a corner and monitor every single web page a person visits, emails sent, and so forth. Any unencrypted traffic a person sends, I can get a copy of that information. In addition, many programs send background information to their respected networks once a connection has been established.
In a basic nutshell, understand that open wifi connections are like public phones (wow I'm getting old). Anyone can pick up and listen to the conversation.
If any of you programmers make applications that need to send information when connections are established, please check to see if the connection is on a public network; otherwise, you're sharing that user information with everyone.




Reply With Quote