How safe is public WiFi exactly?

Discussion in 'iOS 7' started by Braders88, Jan 30, 2014.

  1. Braders88 macrumors newbie

    Braders88

    Joined:
    Oct 2, 2013
    Location:
    Liverpool, England
    #1
    Hello MacRumors community,

    I just have a couple of quick questions that I am sure you awesome people could help me with.

    1. When at my girlfriends house I use my 3G a lot. I was going to use the WiFi there for my emails, Facebook/Twitter, but I discovered they use a lot of Windows machines which have a couple of nasty viruses floating about on them. I understand the situation with Apple products and viruses but if I am using the same network wouldn't my information (passwords) be intercepted or compromised during the back and forth connection? Apologies if I have not explained that one too well.

    2. My mother has joined the tech world and bought a tablet from her friend (Prestigo). She is not computer literate at all. She wants it for Facebook and everyday browsing. I understand it is Android and not as secure as Apple but I have to ask, if she visits a "not so friendly site" or ends up choosing to accept or download something containing a virus or something would my home network be at any risk of viruses?

    Thank you guys for your replies, much appreciated!
     
  2. bender86, Jan 30, 2014
    Last edited: Jan 30, 2014

    bender86 macrumors newbie

    Joined:
    Jan 30, 2014
    #2
    First of all, the most important thing for security is user awareness to threads. So tell your relatives what they shouldn't do (such as opening PDFs from Emails by senders they don't know), and maybe install some web protection (like Script blockers, Adblockers, etc.) and make sure they use up-to-date software (Browser, Java, Flashplayer, etc.). This way you can mitigate the possibility of infections. Concerning your questions:

    In short: if you access the websites via HTTPS, it is very unlikely an attacker can sniff your passwords. Nevertheless I would _not_ browse unsecured websites in such a network.
    Longer answer: With HTTPS your connection is encrypted and an attacker needs to break the TLS security to sniff any data. Although there are possible attacks on TLS (see TLS B.E.A.S.T for example), an attacker would have to actively attack you and do a man-in-the-middle attack to steal your session data. Another possibility would be if he gets to poison your browsers TLS Root-certificates and he finds a way to get fake X.509 certificates for Facebook/Twitter and manages to provide them to you. This is *very* unlikely, and to manipulate your browsers Root certificates he needs to break the iPhone security, in this case you have lost already anyway. So: if you access websites via HTTPS it is highly unlikely that an attacker may steal any data.

    Difficult to answer this question. I'd say, yes there is a thread, if she doesn't take care at all. I don't know much about android exploits, but I'd say it is possible, that she could get infected and her infection be used as gateway to your home network. I think this really depends on how advanced current Android trojans are and what user machines you're running in your home network (unpatched Windows XP? ^^). If you're running current operating systems with available patches applied I would rate the thread as "low". But as said in the beginning, the best defense is user awareness (plus up-to-date software), so give your mother some coaching of what to do and what to avoid.

    Hope this helps.

    /edit

    Forgot about Emails.. make sure you're using secured connections to your mail servers (you should do this anyway). Have a look at your Email Settings and check if you have SSL/TLS enabled.
     
  3. I7guy macrumors P6

    I7guy

    Joined:
    Nov 30, 2013
    Location:
    Gotta be in it to win it
    #3
    On both points, I would not worry. Even with viruses it is highly unlikely the windows boxes could intercept the wifi communications. One way to be certain is to make sure the router has a guest network with access to the local lan turned off.

    With the second point, even IOS has been compromised in the past. I wouldn't worry more about android than IOS. You have a valid concern but it is misplaced in thinking android is more vulnerable.
     
  4. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #4
    So there are Windows boxes with viruses on them and no one is doing anything about it?
     
  5. cynics macrumors G4

    Joined:
    Jan 8, 2012
    #5
    Login on secure servers, most are. Regardless of the network it's just as difficult to sniff out a password within or beyond the network.

    Keep "download from unknown sources" off, on the Android tablet for her. It's the default setting and unlikely she will find it.
     
  6. Braders88 thread starter macrumors newbie

    Braders88

    Joined:
    Oct 2, 2013
    Location:
    Liverpool, England
    #6
    How safe is public WiFi exactly?

    Hey MacRumors community,

    Hope you are all well, yet another security question from the cautious user that is Braders88. :cool:

    Restaurants... Coffee shops... Airports... Everywhere!

    Public WiFi is virtually everywhere! BUT, how often do you guys and gals use it? With 90% of them being open and having zero security it's very easy to jump from network to network whilst on the move these days.

    Myself? I am paranoid... and I mean paranoid. I feel half of these connections will have some middle man eaves dropping and zapping my personal details at any given time. I am truly jealous of all these people who connect to these public hot spots willy-nilly and have zero care in the world.

    Example; I went on a fantastic trip to NYC and took so many pictures, however I waited till I got home to upload them to Facebook. I thought using the hotels free WiFi would result in my details being logged by some middle man as I was transferring my details over an insecure network.

    Now I could ramble on, but I think you get the idea. How are you guys and gals when it comes to public WiFi?

    Thanks guys and gals! :apple:
     
  7. Zenton, Aug 23, 2014
    Last edited: Aug 23, 2014

    Zenton macrumors member

    Joined:
    Oct 18, 2011
    #7
    How safe is public WiFi exactly?

    Why would you even care if someone were to "log your details"? What details are you referring to exactly? What would be logged? To where?

    Why do you think your internet service provider isn't logging your "things" as well?

    Edit: don't want to be rude or anything, just thinking why do you care about using some public wifi when you are anyway connecting to internet all the time. Or do you have some internet encrypting thingy going on at home? You use mobile networks, how safe can they be?
     
  8. Braders88 thread starter macrumors newbie

    Braders88

    Joined:
    Oct 2, 2013
    Location:
    Liverpool, England
    #8
    Just passwords, bank details and such. Basically sensitive information?
    Well at home I use a secure network so this does not bother me. As for my ISP I couldn't really care.
     
  9. FatPuppy macrumors 68000

    FatPuppy

    Joined:
    Jul 14, 2012
  10. Winona Northdakota macrumors 6502a

    Joined:
    Dec 27, 2010
    #10

    ^This.
     
  11. FatPuppy, Aug 23, 2014
    Last edited: Aug 24, 2014

    FatPuppy macrumors 68000

    FatPuppy

    Joined:
    Jul 14, 2012
    #11

    What do you mean?

    YEEEE, my 1000th post on MacRumors.
     
  12. campyguy macrumors 68040

    Joined:
    Mar 21, 2014
    Location:
    Portland / Seattle
    #12
    I won't use a public hotspot unless I use a VPN and after I verify the name of the public hotspot with its owner (to make sure there isn't some tool using a MHS of their own with a similar name lurking nearby).
     
  13. SpyderBite macrumors 65816

    SpyderBite

    Joined:
    Oct 4, 2011
    Location:
    Xanadu
    #13
    I have yet to read about somebody's iPhone or iPad being compromised on a public WiFi network.
     
  14. Winona Northdakota, Aug 23, 2014
    Last edited: Aug 23, 2014

    Winona Northdakota macrumors 6502a

    Joined:
    Dec 27, 2010
    #14
    How safe is public WiFi exactly?


    I agree with you. A public wifi is not safe at all.

    ----------


    Seriously? It's not the device that we are talking about. It's the information that is sent and received with any device over a public Wi-Fi that is insecure. At least, use a VPN or tunnel into a secure server, when using a public Wi-Fi.

    Though, it is true, IPhones and iPads as devices are far less susceptible to being hacked into or compromised than other platforms.
     
  15. Zenton macrumors member

    Joined:
    Oct 18, 2011
    #15

    Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?
     
  16. bandofbrothers macrumors 601

    bandofbrothers

    Joined:
    Oct 14, 2007
    Location:
    Uk
    #16
    I perform pretty much everything on Public WiFi except Internet Banking.
     
  17. EdgardasB macrumors 6502a

    EdgardasB

    Joined:
    Apr 14, 2014
    Location:
    Lithuania
    #17
    Arp packet spoofing and they can get all your information, accounts which you have used on public WiFi. Even can redirect to malicious website and control your PC
     
  18. Winona Northdakota, Aug 24, 2014
    Last edited: Aug 24, 2014

    Winona Northdakota macrumors 6502a

    Joined:
    Dec 27, 2010
    #18
    How safe is public WiFi exactly?




    My local coffee shop has free Wi-Fi. It's a commercial service where customers are given a login code. Everyone thinks they are safe and secure in their own little login bubble. I can launch my Wi-Fi on my MacBook Pro and using standard Unix built in Wi-Fi diagnostics, I can packet sniff all Wi-Fi traffic on the coffee shop's network. Anyone running OS X can do this.

    [​IMG]

    When you connect to any W-Fi, other than your own, you are at the mercy of the person(s) who set it up and administer it to be safe. A good question is, why do we even have passwords and logins in the first place?
     
  19. bbrks macrumors 65816

    bbrks

    Joined:
    Dec 17, 2013
    #19
    Let me grab a beer and nuts.......continue please hahahahahahahahaha.
    Love the paranoia hahahaha.
     
  20. Zenton macrumors member

    Joined:
    Oct 18, 2011
    #20
    Who can get? An ill minded criminal, who would do exactly what with YOUR information? Credit card theft or something like that? Read your emails? Log into your Facebook and troll? Are you seriously afraid that something like that would happen? What about hacker groups who steal millions of passwords from various services, how can you ever register to a site since then your data is stored in some server and is therefore possibly "stealable"? Who do you know that someone isn't monitoring your cellphone?

    I understand if one doesn't want to log in to his bank account in Starbucks' public wifi, but pretty much anything else is beyond me.
     
  21. Suture macrumors 6502a

    Suture

    Joined:
    Feb 22, 2007
    #21
    I stay away from public wifi as much as possible, only using it when I absolutely have to, and do not have access to my own LTE connections on AT&T or T-Mobile.

    Even when I do have to use it, I always use VPN. It's far too easy to sniff traffic otherwise.
     
  22. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #22
    If your bank uses SSL, and if they don't, I would change banks immediately, then your data isn't at risk on public WiFi.

    But logging into MacRumors via WiFi? Someone could easily sniff out your username and password.
     
  23. Dilster3k macrumors 6502a

    Dilster3k

    Joined:
    Jul 20, 2014
    Location:
    Frankfurt, Germany
  24. superbovine macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #24
    Most large companies deal with he public wifi problem by using a virtual private network,vpn,which provides an encrypted tunnel to a secured network. Once connected you can surf like normal, but everything will be encrypted. Without encryption people with a little knowledge can use software to see exactly what you do. Banks and most email service encrypted your password, some email service do not encrypt your email itself. Therefore someone could read your, emails, tweets, dirty selfies etc.

    For someone who does not work for a company there are pay services out there that will provide a vpn for you. Hidemyass is a popular service and one noted by the media the hacker group anonymous used.
     
  25. solaris macrumors 6502a

    solaris

    Joined:
    Apr 19, 2004
    Location:
    Oslo, Norway
    #25
    This!

    Which is why I always use VPN on public WiFi.
     

Share This Page