How safe is public WiFi exactly?

Braders88

macrumors newbie
Original poster
Oct 2, 2013
29
3
Liverpool, England
Hello MacRumors community,

I just have a couple of quick questions that I am sure you awesome people could help me with.

1. When at my girlfriends house I use my 3G a lot. I was going to use the WiFi there for my emails, Facebook/Twitter, but I discovered they use a lot of Windows machines which have a couple of nasty viruses floating about on them. I understand the situation with Apple products and viruses but if I am using the same network wouldn't my information (passwords) be intercepted or compromised during the back and forth connection? Apologies if I have not explained that one too well.

2. My mother has joined the tech world and bought a tablet from her friend (Prestigo). She is not computer literate at all. She wants it for Facebook and everyday browsing. I understand it is Android and not as secure as Apple but I have to ask, if she visits a "not so friendly site" or ends up choosing to accept or download something containing a virus or something would my home network be at any risk of viruses?

Thank you guys for your replies, much appreciated!
 

bender86

macrumors newbie
Jan 30, 2014
1
0
First of all, the most important thing for security is user awareness to threads. So tell your relatives what they shouldn't do (such as opening PDFs from Emails by senders they don't know), and maybe install some web protection (like Script blockers, Adblockers, etc.) and make sure they use up-to-date software (Browser, Java, Flashplayer, etc.). This way you can mitigate the possibility of infections. Concerning your questions:

1. When at my girlfriends house I use my 3G a lot. I was going to use the WiFi there for my emails, Facebook/Twitter, but I discovered they use a lot of Windows machines which have a couple of nasty viruses floating about on them. I understand the situation with Apple products and viruses but if I am using the same network wouldn't my information (passwords) be intercepted or compromised during the back and forth connection? Apologies if I have not explained that one too well.
In short: if you access the websites via HTTPS, it is very unlikely an attacker can sniff your passwords. Nevertheless I would _not_ browse unsecured websites in such a network.
Longer answer: With HTTPS your connection is encrypted and an attacker needs to break the TLS security to sniff any data. Although there are possible attacks on TLS (see TLS B.E.A.S.T for example), an attacker would have to actively attack you and do a man-in-the-middle attack to steal your session data. Another possibility would be if he gets to poison your browsers TLS Root-certificates and he finds a way to get fake X.509 certificates for Facebook/Twitter and manages to provide them to you. This is *very* unlikely, and to manipulate your browsers Root certificates he needs to break the iPhone security, in this case you have lost already anyway. So: if you access websites via HTTPS it is highly unlikely that an attacker may steal any data.

2. My mother has joined the tech world and bought a tablet from her friend (Prestigo). She is not computer literate at all. She wants it for Facebook and everyday browsing. I understand it is Android and not as secure as Apple but I have to ask, if she visits a "not so friendly site" or ends up choosing to accept or download something containing a virus or something would my home network be at any risk of viruses?
Difficult to answer this question. I'd say, yes there is a thread, if she doesn't take care at all. I don't know much about android exploits, but I'd say it is possible, that she could get infected and her infection be used as gateway to your home network. I think this really depends on how advanced current Android trojans are and what user machines you're running in your home network (unpatched Windows XP? ^^). If you're running current operating systems with available patches applied I would rate the thread as "low". But as said in the beginning, the best defense is user awareness (plus up-to-date software), so give your mother some coaching of what to do and what to avoid.

Hope this helps.

/edit

Forgot about Emails.. make sure you're using secured connections to your mail servers (you should do this anyway). Have a look at your Email Settings and check if you have SSL/TLS enabled.
 
Last edited:

I7guy

macrumors Core
Nov 30, 2013
20,414
8,241
Gotta be in it to win it
Hello MacRumors community,

I just have a couple of quick questions that I am sure you awesome people could help me with.

1. When at my girlfriends house I use my 3G a lot. I was going to use the WiFi there for my emails, Facebook/Twitter, but I discovered they use a lot of Windows machines which have a couple of nasty viruses floating about on them. I understand the situation with Apple products and viruses but if I am using the same network wouldn't my information (passwords) be intercepted or compromised during the back and forth connection? Apologies if I have not explained that one too well.

2. My mother has joined the tech world and bought a tablet from her friend (Prestigo). She is not computer literate at all. She wants it for Facebook and everyday browsing. I understand it is Android and not as secure as Apple but I have to ask, if she visits a "not so friendly site" or ends up choosing to accept or download something containing a virus or something would my home network be at any risk of viruses?

Thank you guys for your replies, much appreciated!
On both points, I would not worry. Even with viruses it is highly unlikely the windows boxes could intercept the wifi communications. One way to be certain is to make sure the router has a guest network with access to the local lan turned off.

With the second point, even IOS has been compromised in the past. I wouldn't worry more about android than IOS. You have a valid concern but it is misplaced in thinking android is more vulnerable.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
47,470
16,003
So there are Windows boxes with viruses on them and no one is doing anything about it?
 

cynics

macrumors G4
Jan 8, 2012
11,303
1,695
Login on secure servers, most are. Regardless of the network it's just as difficult to sniff out a password within or beyond the network.

Keep "download from unknown sources" off, on the Android tablet for her. It's the default setting and unlikely she will find it.
 

Braders88

macrumors newbie
Original poster
Oct 2, 2013
29
3
Liverpool, England
How safe is public WiFi exactly?

Hey MacRumors community,

Hope you are all well, yet another security question from the cautious user that is Braders88. :cool:

Restaurants... Coffee shops... Airports... Everywhere!

Public WiFi is virtually everywhere! BUT, how often do you guys and gals use it? With 90% of them being open and having zero security it's very easy to jump from network to network whilst on the move these days.

Myself? I am paranoid... and I mean paranoid. I feel half of these connections will have some middle man eaves dropping and zapping my personal details at any given time. I am truly jealous of all these people who connect to these public hot spots willy-nilly and have zero care in the world.

Example; I went on a fantastic trip to NYC and took so many pictures, however I waited till I got home to upload them to Facebook. I thought using the hotels free WiFi would result in my details being logged by some middle man as I was transferring my details over an insecure network.

Now I could ramble on, but I think you get the idea. How are you guys and gals when it comes to public WiFi?

Thanks guys and gals! :apple:
 

Zenton

macrumors member
Oct 18, 2011
69
18
How safe is public WiFi exactly?

Why would you even care if someone were to "log your details"? What details are you referring to exactly? What would be logged? To where?

Why do you think your internet service provider isn't logging your "things" as well?

Edit: don't want to be rude or anything, just thinking why do you care about using some public wifi when you are anyway connecting to internet all the time. Or do you have some internet encrypting thingy going on at home? You use mobile networks, how safe can they be?
 
Last edited:

Braders88

macrumors newbie
Original poster
Oct 2, 2013
29
3
Liverpool, England
Why would you even care if someone would "log your details"? What details are you referring to exactly? What would be logged? To where?

Why do you think your internet service provider isn't logging your "things" as well?
Just passwords, bank details and such. Basically sensitive information?
Well at home I use a secure network so this does not bother me. As for my ISP I couldn't really care.
 

campyguy

macrumors 68040
Mar 21, 2014
3,415
932
I won't use a public hotspot unless I use a VPN and after I verify the name of the public hotspot with its owner (to make sure there isn't some tool using a MHS of their own with a similar name lurking nearby).
 

Winona Northdakota

macrumors 6502a
Dec 27, 2010
580
1
How safe is public WiFi exactly?

What do you mean?

I agree with you. A public wifi is not safe at all.

----------

I have yet to read about somebody's iPhone or iPad being compromised on a public WiFi network.

Seriously? It's not the device that we are talking about. It's the information that is sent and received with any device over a public Wi-Fi that is insecure. At least, use a VPN or tunnel into a secure server, when using a public Wi-Fi.

Though, it is true, IPhones and iPads as devices are far less susceptible to being hacked into or compromised than other platforms.
 
Last edited:

Zenton

macrumors member
Oct 18, 2011
69
18
I agree with you. A public wifi is not safe at all.

----------




Seriously? It's not the device that we are talking about. It's the information that is sent and received with any device over a public Wi-Fi that is insecure. At least, use a VPN or tunnel into a secure server, when using a public Wi-Fi.

Though, it is true, IPhones and iPads as devices are far less susceptible to being hacked into or compromised than other platforms.

Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?
 

EdgardasB

macrumors 6502a
Apr 14, 2014
618
80
Lithuania
Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?
Arp packet spoofing and they can get all your information, accounts which you have used on public WiFi. Even can redirect to malicious website and control your PC
 

Winona Northdakota

macrumors 6502a
Dec 27, 2010
580
1
How safe is public WiFi exactly?

Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?



My local coffee shop has free Wi-Fi. It's a commercial service where customers are given a login code. Everyone thinks they are safe and secure in their own little login bubble. I can launch my Wi-Fi on my MacBook Pro and using standard Unix built in Wi-Fi diagnostics, I can packet sniff all Wi-Fi traffic on the coffee shop's network. Anyone running OS X can do this.



When you connect to any W-Fi, other than your own, you are at the mercy of the person(s) who set it up and administer it to be safe. A good question is, why do we even have passwords and logins in the first place?
 
Last edited:

bbrks

macrumors 65816
Dec 17, 2013
1,446
768
Let me grab a beer and nuts.......continue please hahahahahahahahaha.
Love the paranoia hahahaha.
 

Zenton

macrumors member
Oct 18, 2011
69
18
Arp packet spoofing and they can get all your information, accounts which you have used on public WiFi. Even can redirect to malicious website and control your PC
Who can get? An ill minded criminal, who would do exactly what with YOUR information? Credit card theft or something like that? Read your emails? Log into your Facebook and troll? Are you seriously afraid that something like that would happen? What about hacker groups who steal millions of passwords from various services, how can you ever register to a site since then your data is stored in some server and is therefore possibly "stealable"? Who do you know that someone isn't monitoring your cellphone?

I understand if one doesn't want to log in to his bank account in Starbucks' public wifi, but pretty much anything else is beyond me.
 

Suture

macrumors 6502a
Feb 22, 2007
952
176
I stay away from public wifi as much as possible, only using it when I absolutely have to, and do not have access to my own LTE connections on AT&T or T-Mobile.

Even when I do have to use it, I always use VPN. It's far too easy to sniff traffic otherwise.
 

yg17

macrumors G5
Aug 1, 2004
14,888
2,480
St. Louis, MO
I perform pretty much everything on Public WiFi except Internet Banking.
If your bank uses SSL, and if they don't, I would change banks immediately, then your data isn't at risk on public WiFi.

But logging into MacRumors via WiFi? Someone could easily sniff out your username and password.
 

superbovine

macrumors 68030
Nov 7, 2003
2,872
0
Most large companies deal with he public wifi problem by using a virtual private network,vpn,which provides an encrypted tunnel to a secured network. Once connected you can surf like normal, but everything will be encrypted. Without encryption people with a little knowledge can use software to see exactly what you do. Banks and most email service encrypted your password, some email service do not encrypt your email itself. Therefore someone could read your, emails, tweets, dirty selfies etc.

For someone who does not work for a company there are pay services out there that will provide a vpn for you. Hidemyass is a popular service and one noted by the media the hacker group anonymous used.