How secure is open wifi on an iPad?

Discussion in 'iPad' started by stanw, Sep 3, 2015.

  1. stanw macrumors 6502a

    Joined:
    Aug 29, 2007
    #1
    when using open wifi at coffee shops, schools, etc. what issues are there, if any with someone being able to:

    1. Get into my iPad and access anything on it?
    2. Someone being able to read emails or messages sent?

    Thanks.
     
  2. Newtons Apple macrumors Pentium

    Newtons Apple

    Joined:
    Mar 12, 2014
    Location:
    Jacksonville, Florida
    #2
    When you are at a coffee shop you do not know if you are really using the coffee shop's WiFi or someone elses WiFi that is set up to look like the coffee shop's WiFi. NEVER do things like banking in a public WiFi area. Public WiFi and iPads are not secure. You can still cruise the Internet and even send and receive emails but try to use no site that takes passwords as they can be compromised.
     
  3. newellj macrumors 601

    Joined:
    Oct 15, 2014
    Location:
    Boston, MA, US
    #3
    To say the same thing differently, anything you send on the unsecured wifi is easily captured by anyone who cares to do so. Passwords, financial information and anything else that's sensitive should never be sent over an unsecured wifi connection. Web browsing, emails, etc. may be of less concern, but that's based on the assumption that there's nothing you care about being sent across the wifi connection.
     
  4. stanw thread starter macrumors 6502a

    Joined:
    Aug 29, 2007
    #4
    Thanks for the replies. So if I understand correctly, I should avoid using any site over public wifi that may require me to login because that can be captured by someone. I guess I also need to be careful to not send any emails with info in them that I would not want anyone else to read.

    My big concern is that by using public wifi that something could be put on the iPad that can capture my future keystrokes or send my info to someone else later on even on my own personal network. Has anything like this ever been documented being done?

    Thanks.
     
  5. mhdena macrumors 6502

    Joined:
    Sep 16, 2009
    #5
    Don't use any site or app that requires you log in with a password.
     
  6. rigormortis, Sep 3, 2015
    Last edited: Sep 3, 2015

    rigormortis macrumors 68000

    rigormortis

    Joined:
    Jun 11, 2009
    #6
    a public "encrypted" wifi network is no more secure then a public "unencrypted" wifi network. so the answer should be your internet connection is only secure as long as no one else has your wifi passphrase ( password ). anyone with the wifi key can browse your activities just like if you had no encryption at all.


    how WPA pre shared key works
    each device is given a 8 way handshake packet.
    your wifi password is hashed into this handshake packet. the hash consists of your network name and password
    and a mathematical formula.
    this packet tells the wifi router you are authorized to encrypt and decrypt wifi trafffic.
    the wifi router tells each client what the current group key is.
    the group key is used to encrypt and decrypt network traffic for all clients.
    the group key changes every hour.
    authorized clients get the new group key
    this is called "rolling keys"
    if i disconnect and monitor the wifi traffic, i have to reconnect when the group key changes or i am locked out. some routers can be set to change the group key every 5 minutes. but most are configured to change the group key once an hour

    if i am authorized to decrypt network traffic i can easily decrypt yours , because you are using the same group key

    how safe is the group key?
    very, the group key uses AES-256 based encryption. its very secure unless of course you know the key. the basic rule of thumb i heard was that if you change your group key every hour on the hour, you have to wait at least 100 years for the same key to be used twice.

    how do i stop this?
    don't give away your wifi password, don't connect to people's encrypted wifi networks you don't trust


    whats different about wifi enterprise??

    each client encrypts their traffic individually using a different key then anyone elses. no ones key is the same as anyone else key. this is more secure then WPA pre shared key.

    don't accept rubber stamp answers that say just because a WPA2 AES network is encrypted means its safer then one with no encryption at all.
     
  7. Newtons Apple macrumors Pentium

    Newtons Apple

    Joined:
    Mar 12, 2014
    Location:
    Jacksonville, Florida
    #7
    Chances are very slight that that could happen as long as you do not download any apps from sites other than the Official Apple App Store. I use my iPad all the time over public WiFi and as long as you are careful you are good. If I have to do banking of other sensitive stuff I will log off the WiFi and turn on my cellular.
     
  8. legioxi macrumors 6502a

    Joined:
    Mar 2, 2013
    #8
    If the sites you're browsing are using SSL and you don't bypass any SSL errors, the traffic will be encrypted even if the wifi network is open. If someone is performing a MITM attack, the browser will show an SSL error. These should not be ignored and you should avoid using any sites with SSL errors.

    Your best bet is to find a reliable and trusted VPN provider and always connect to the VPN when on untrusted networks.
     
  9. kazmac macrumors 601

    kazmac

    Joined:
    Mar 24, 2010
    Location:
    in a Shaw Brothers wu xia

Share This Page