Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How secure is open wifi on an iPad?

S

stanw

macrumors 6502a
Original poster
Aug 29, 2007
842
5
when using open wifi at coffee shops, schools, etc. what issues are there, if any with someone being able to:

1. Get into my iPad and access anything on it?
2. Someone being able to read emails or messages sent?

Thanks.
 
stanw said:
when using open wifi at coffee shops, schools, etc. what issues are there, if any with someone being able to:

1. Get into my iPad and access anything on it?
2. Someone being able to read emails or messages sent?

Thanks.
Click to expand...

When you are at a coffee shop you do not know if you are really using the coffee shop's WiFi or someone elses WiFi that is set up to look like the coffee shop's WiFi. NEVER do things like banking in a public WiFi area. Public WiFi and iPads are not secure. You can still cruise the Internet and even send and receive emails but try to use no site that takes passwords as they can be compromised.
 
Newtons Apple said:
When you are at a coffee shop you do not know if you are really using the coffee shop's WiFi or someone elses WiFi that is set up to look like the coffee shop's WiFi. NEVER do things like banking in a public WiFi area. Public WiFi and iPads are not secure. You can still cruise the Internet and even send and receive emails but try to use no site that takes passwords as they can be compromised.
Click to expand...

To say the same thing differently, anything you send on the unsecured wifi is easily captured by anyone who cares to do so. Passwords, financial information and anything else that's sensitive should never be sent over an unsecured wifi connection. Web browsing, emails, etc. may be of less concern, but that's based on the assumption that there's nothing you care about being sent across the wifi connection.
 
  • Like
Reactions: ron7624 and Newtons Apple
Thanks for the replies. So if I understand correctly, I should avoid using any site over public wifi that may require me to login because that can be captured by someone. I guess I also need to be careful to not send any emails with info in them that I would not want anyone else to read.

My big concern is that by using public wifi that something could be put on the iPad that can capture my future keystrokes or send my info to someone else later on even on my own personal network. Has anything like this ever been documented being done?

Thanks.
 
a public "encrypted" wifi network is no more secure then a public "unencrypted" wifi network. so the answer should be your internet connection is only secure as long as no one else has your wifi passphrase ( password ). anyone with the wifi key can browse your activities just like if you had no encryption at all.


how WPA pre shared key works
each device is given a 8 way handshake packet.
your wifi password is hashed into this handshake packet. the hash consists of your network name and password
and a mathematical formula.
this packet tells the wifi router you are authorized to encrypt and decrypt wifi trafffic.
the wifi router tells each client what the current group key is.
the group key is used to encrypt and decrypt network traffic for all clients.
the group key changes every hour.
authorized clients get the new group key
this is called "rolling keys"
if i disconnect and monitor the wifi traffic, i have to reconnect when the group key changes or i am locked out. some routers can be set to change the group key every 5 minutes. but most are configured to change the group key once an hour

if i am authorized to decrypt network traffic i can easily decrypt yours , because you are using the same group key

how safe is the group key?
very, the group key uses AES-256 based encryption. its very secure unless of course you know the key. the basic rule of thumb i heard was that if you change your group key every hour on the hour, you have to wait at least 100 years for the same key to be used twice.

how do i stop this?
don't give away your wifi password, don't connect to people's encrypted wifi networks you don't trust


whats different about wifi enterprise??

each client encrypts their traffic individually using a different key then anyone elses. no ones key is the same as anyone else key. this is more secure then WPA pre shared key.

don't accept rubber stamp answers that say just because a WPA2 AES network is encrypted means its safer then one with no encryption at all.
 
Last edited:
stanw said:
Thanks for the replies. So if I understand correctly, I should avoid using any site over public wifi that may require me to login because that can be captured by someone. I guess I also need to be careful to not send any emails with info in them that I would not want anyone else to read.

My big concern is that by using public wifi that something could be put on the iPad that can capture my future keystrokes or send my info to someone else later on even on my own personal network. Has anything like this ever been documented being done?

Thanks.
Click to expand...

Chances are very slight that that could happen as long as you do not download any apps from sites other than the Official Apple App Store. I use my iPad all the time over public WiFi and as long as you are careful you are good. If I have to do banking of other sensitive stuff I will log off the WiFi and turn on my cellular.
 
If the sites you're browsing are using SSL and you don't bypass any SSL errors, the traffic will be encrypted even if the wifi network is open. If someone is performing a MITM attack, the browser will show an SSL error. These should not be ignored and you should avoid using any sites with SSL errors.

Your best bet is to find a reliable and trusted VPN provider and always connect to the VPN when on untrusted networks.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back