Can other people on an encrypted Wi-Fi AP see what you're doing?

Solution 1:

Yes, with WEP encryption it's super simple. Everything's encrypted with the key you needed to know to get on the network. Everyone on the network can decode everyone else's traffic without even trying.

With WPA-PSK and WPA2-PSK, it's a little trickier, but not too hard. WPA-PSK and WPA2-PSK encrypt everything with per-client, per-session keys, but those keys are derived from the Pre-Shared Key (the PSK; the key you have to know to get on the network) plus some information exchanged in the clear when the client joins or re-joins the network. So if you know the PSK for the network, and your sniffer catches the "4-way handshake" another client does with the AP as it joins, you can decrypt all of that client's traffic. If you didn't happen to capture that client's 4-way handshake, you can send a spoofed de-authenticate packet to the target client (spoofing it to make it look like it came from the AP's MAC address), forcing the client to fall off the network and get back on, so you can capture its 4-way handshake this time, and decrypt all further traffic to/from that client. The user of the machine receiving the spoofed de-auth probably won't even notice that his laptop was off the network for a split second. Note that NO man-in-the-middle hassle is necessary for this attack. The attacker just has to capture a few specific frames at the time the target client (re-)joins the network.

With WPA-Enterprise and WPA2-Enterprise (that is, with 802.1X authentication instead of using a Pre-Shared Key), all the per-client per-session keys are derived completely independently, so there's no possibility of decoding each other's traffic. An attacker would either have to sniff your traffic on the wired side of the AP, or possibly set up a rogue AP in the hope that you'll ignore the bogus server-side certificate the rogue AP would send, and join the rogue AP anyway.
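The WPA2-PSK derivation described in this answer, as an added worked example (not code from either answer): the PMK comes from the passphrase and SSID alone, and the per-client PTK comes from the PMK plus the two MAC addresses and two nonces that the 4-way handshake sends in the clear. A sniffer holding the PSK rebuilds the same PTK, and can confirm it against the MIC on handshake message 2 before using the TK part to decrypt data frames. The SSID, MAC addresses, nonces and EAPOL frame below are constructed for the demo; the only real value is the published IEEE 802.11 test vector for PBKDF2 ("password"/"IEEE"). This is the CCMP/WPA2 case (48-byte PTK, HMAC-SHA1 MIC); TKIP uses a 64-byte PTK and an HMAC-MD5 MIC. The spoofed de-authentication that forces a fresh handshake is not shown, since it needs raw 802.11 frame injection rather than pure computation.

```python
# Added example (not part of either answer): what a passive sniffer who knows
# the PSK does with a captured WPA2-PSK 4-way handshake. All MACs, nonces and
# the EAPOL frame below are constructed for the demo; only the "password"/"IEEE"
# PMK value is the published IEEE 802.11 test vector.
import hashlib
import hmac

MIC_OFFSET = 81     # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC
NONCE_OFFSET = 17   # 4-byte header + descriptor type(1) + key info(2) + key length(2) + replay(8)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Identical for every client on the network: it depends only on the PSK and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce, nbytes=48):
    """PTK for CCMP (48 bytes). Everything here except the PMK travels in the clear
    during the handshake, which is why knowing the PSK is enough to rebuild it."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def split_ptk(ptk: bytes):
    """KCK (MIC key for the handshake), KEK (wraps the group key), TK (encrypts data frames)."""
    return ptk[:16], ptk[16:32], ptk[32:48]


def build_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 of 4 (client -> AP) with the MIC field zeroed."""
    body = (bytes([0x02])                       # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")       # key info: MIC bit, pairwise, HMAC-SHA1-128 version
            + (16).to_bytes(2, "big")           # key length
            + (1).to_bytes(8, "big")            # replay counter
            + snonce                            # SNonce: the client's contribution, in the clear
            + bytes(16) + bytes(8) + bytes(8)   # key IV, key RSC, key ID (unused here)
            + bytes(16)                         # MIC placeholder
            + (0).to_bytes(2, "big"))           # key data length
    return bytes([0x02, 0x03]) + len(body).to_bytes(2, "big") + body   # 802.1X v2, type EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2: MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign_msg2(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def sniffer_recover_ptk(passphrase, ssid, ap_mac, client_mac, anonce, msg2):
    """The attacker's side: PSK + sniffed addresses and nonces -> candidate PTK,
    confirmed against the MIC on message 2. Returns None when the PSK is wrong."""
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    kck, _, _ = split_ptk(ptk)
    return ptk if verify_mic(kck, msg2) else None


def demo(real_psk="correct horse battery", attacker_psk="correct horse battery"):
    """Returns (the client's PTK, the PTK the sniffer recovered). Equal when the PSK matches."""
    ssid = "HomeNet"                                   # constructed network
    ap_mac = bytes.fromhex("001122334455")             # constructed AP address
    client_mac = bytes.fromhex("66778899aabb")         # constructed client address
    anonce = bytes(range(32))                          # random in reality; fixed for the demo
    snonce = bytes(range(100, 132))
    client_ptk = derive_ptk(derive_pmk(real_psk, ssid), ap_mac, client_mac, anonce, snonce)
    kck, _, _ = split_ptk(client_ptk)
    msg2 = sign_msg2(kck, build_msg2(snonce))          # the frame that goes over the air
    return client_ptk, sniffer_recover_ptk(attacker_psk, ssid, ap_mac, client_mac, anonce, msg2)


if __name__ == "__main__":
    # IEEE 802.11 test vector: PMK("password", "IEEE") = f42c6fc5...a12e
    print(derive_pmk("password", "IEEE").hex())
    real, recovered = demo()
    print("sniffer recovered the client's PTK:", real == recovered)
    print("with a wrong PSK:", demo(attacker_psk="wrong")[1])
```

The MIC check is what tools do to validate a candidate PSK against a captured handshake; with the right PSK it succeeds and the third 16-byte slice of the PTK (the TK) is the CCMP key for that client's data frames. Nothing in this derivation is specific to the attacker: it is the same computation the client and AP perform, which is the whole problem with shared-key networks.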

Solution 2:

WPA at least has some form of session keys. Assuming (I'm not sure what WPA actually uses) the session keys are established using a protocol like Diffie-Hellman, they are initially secure even when the PSK is not. With the TKIP cypher session keys can be broken quickly, letting someone intercept and inject packets without knowing the pre-shared key.

However, someone who knows the PSK could just set up a rogue access point, do a man in the middle and pick their own session keys, which makes the point moot. An active attacker who knows your PSK can control the link layer, intercepting and modifying packets.

If you replace PSK authentication with IEEE 802.1X, which uses certificates and a PKI, you can trust the AP is initially the right one. A MITM would require the attacker to break clients and access point to get their private certificates, instead of just getting the PSK. The protocol seems to have a weakness that lets an attacker do a man in the middle after the initial authentication; I don't know how applicable this is to the wireless case. But people have a tendency to accept certificates blindly, and not all access points let you configure 802.1X.
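The "accept certificates blindly" failure mode both answers point at, as an added example (not from either answer) in wpa_supplicant's own configuration syntax. The SSID, identity, CA path and RADIUS server name are placeholders. In the first block no `ca_cert` is set, so the supplicant does not verify the authentication server's certificate at all and a rogue AP presenting any certificate terminates the TLS tunnel and sees the inner authentication. The second block pins the CA and requires the server name to match, which is what makes 802.1X actually resist a rogue AP.

```conf
# Weak: no CA configured, so the server certificate is never checked.
# A rogue AP with a self-signed certificate is accepted silently.
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-password"
    phase2="auth=MSCHAPV2"
}

# Corrected: trust only the organisation's own CA and require the server's
# certificate to carry the expected name, so an impostor cannot pass.
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
```

`domain_suffix_match` matches the server certificate's subject alternative name (or common name) against the given suffix; `domain_match` is the stricter exact-match variant. Pinning a public CA alone is not enough, since anyone can obtain a certificate from one, which is why the server name check is paired with the CA.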