Security: 3G Tethering vs. Public Wi-Fi

Discussion in 'macOS' started by brijazz, Oct 27, 2010.

  1. brijazz macrumors 6502


    Jul 31, 2008
    With all that's been written about Firesheep, I've been thinking about how best to secure my MacBook Pro when I'm browsing while out in public.

    I often use whatever free Wi-Fi is nearest (if I'm at a Starbucks for example). However, my iPhone plan (on Rogers here in Canada) does allow for tethering. What kind of security can I expect when tethering my iPhone vs. just using the public Wi-Fi?
  2. aristobrat macrumors G5

    Oct 14, 2005
    It's extremely easy for someone to capture/analyze WiFi traffic flying around free, unencrypted WiFi "hotspots" like Starbucks. If they happen to capture some of your packets when you're on a secure (https) website, they're not going to be able to do much with it, but as Firesheep has pointed out, there's a lot of cookies flying around via regular insecure http.

    It's way harder for someone to capture/analyze any of your data when you're tethering. A casual person just looking to snoop around while they're killing time at Starbucks isn't going to be able to pull that off.
  3. maflynn Moderator


    Staff Member

    May 3, 2009
    While firesheep certainly has caused attention to be drawn to the risks of unencryted network traffic, the vulnerability has always existed. To that end, I generally practice safe computing habits, like limiting what I do on open networks.
  4. brijazz thread starter macrumors 6502


    Jul 31, 2008
    I'd figured that tethering was safer than open wi-fi, but how does its security compare to something like WPA2?
  5. mug3n macrumors newbie

    Feb 13, 2010
    imo WPA2 is for all intents and purposes uncrackable unless you're using some non secure password like 1234. as long as you're mixing in upper/lowercase, numbers, and symbols, you should be fine security wise.
  6. brijazz thread starter macrumors 6502


    Jul 31, 2008
    I was actually more interested in knowing what kind of security is inherent in tethering. Any advice?
  7. Moomba macrumors regular

    Jun 7, 2008
    Charlotte, NC
    Honestly, GSM hacking isn't nearly as difficult as it was just a year or two ago. To answer your question as far as what kind of security tethering offers the simple answer is none. It is more security through obscurity. The caveat here is that in order to be able to sniff GSM packets you will need over $1000 worth of hardware. Then again this same hardware 1-2 years ago cost closer to $10,000.

    To sniff wifi traffic you just need a laptop (even most netbooks will do fine), some freely available software, and a wireless card that allows it to enter monitor mode.

    As far as WPA2 is by no means uncrackable, but it is significantly more time consuming than something like WEP. On a WEP encrypted network that sees some decent traffic it will often take as little as 5 minutes to crack.

    WPA2 is much more secure (the hash for the handshake is salted by the SSID you are connecting to) but is still susceptible to attack primarily via intercepting the parts of the four way handshake (transmitted when devices join the target network) and comparing the hashes to Rainbow Tables. Basically, it is akin to taking a dictionary of common passwords and their associated handshake/SSID's and comparing them to what you see in the packet capture. However, if you use a non-standard SSID you are much more safe while using WPA2 because odds are high that the attacker doesn't have rainbow tables for your corresponding SSID.

    In the end, if you are that paranoid and the network you are connecting to is either unencrypted or encrypted with WEP you will be much safer tethering your phone. That said, there is one further caveat. When you tether you should tether either via USB cable or via Bluetooth. If you tether via wifi to your phone then you have the exact same vulnerability as if you were connecting to the local wifi network.

    Basically, while GSM networks ARE vulnerable to sniffing it requires a much larger investment in hardware to be able to. Wifi sniffing is dirt cheep and simple to do.

    Hope this helps clarify a bit further.
  8. brijazz thread starter macrumors 6502


    Jul 31, 2008
    Definitely! Thanks for the thorough and informative answer :)
  9. miles01110 macrumors Core


    Jul 24, 2006
    The Ivory Tower (I'm not coming down)
    Any password-based security scheme is useless if your password is "1234" ...

Share This Page