On unencrypted public wifi, what kind of real danger am I in?

Solution 1:

a1) What do you mean by "what are the chances"? What are the chances the wifi owner is malicious, or what are the chances they can do it if they are? The former question I have no data on. The latter depends on what you're using their wifi for. If you are downloading executable files and running them then obviously it's very easy for them to put malware on your computer. The next most likely vectors are PDFs, or malicious Java / Flash / scripts on websites, but all of those would need you to be running vulnerable software (although in the case of Adobe Acrobat, it is vulnerable even if you are 100% up to date, we just don't know what's wrong with it yet ;)

To avoid this I would say, in ascending order of paranoia (i.e. 1 is sensible, the rest are more paranoid):

  1. Do not download any executables over an internet connection you don't trust
  2. Don't have your browser set up to open PDFs in Acrobat (there are many safer alternatives), Flash, or Java applets without asking you
  3. Consider using NoScript

Of course, if you are using SSL websites, then they cannot modify what data you get. Probably. See answer 3.

a2) Assuming no malware has been planted on your computer, and you operate under the rules in answer 1, effectively zero. There might be programs that are leaking information, or have bugs that let people put things on your computer, but that isn't really relevant to the wifi. Minimising the number of applications allowed to use the internet (in the firewall settings) is a good idea for this reason.

a3) When you use HTTPS your browser verifies that the site is who they say they are by checking their certificate. Only certain people can give out these certificates, and your browser knows how to check theirs.

What does this mean for security? Well for one, it means you are trusting those certificate writers. There have been attacks on their systems to produce fraudulent certs in the past, and there have been cases of browsers trusting certificate authorities that no one is quite sure who owns them now.

What can you do? Some browsers have extensions to help you out here. What you want is something that remembers what certificate a given website had last time you visited it, and will put up a big fat warning if that changes. This means even if a certificate authority is compromised in some way, you still won't hand over your data.

This is a very unlikely outcome, by the way - it would require someone to obtain a fraudulent cert AND to then target people using that site over their wifi... Given the value of the cert, and the effort to obtain it, it's much more likely it would be used in a wider attack. But it won't hurt to protect yourself against such things, anyway.

Oh and of course, sites using self-signed certificates are trivial to masquerade as. Having an extension that compares the cert to the last time you accessed them would alert you to any man-in-the-middle going on.

q3) the sensitive data I transmit using https being seen or stolen and unencrypted?
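
The certificate-remembering check described in Solution 1, sketched as an added example (not code from the answer or from any particular browser extension). `CertMemory`, the JSON store, the hostname `bank.example` and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import json
import ssl
import tempfile
from pathlib import Path


def fetch_der_cert(host, port=443):
    """Fetch the server's leaf certificate (no CA validation) as DER bytes."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class CertMemory:
    """Remembers the SHA-256 fingerprint of each host's certificate on disk."""

    def __init__(self, path):
        self.path = Path(path)
        self.seen = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host, der_cert):
        fp = hashlib.sha256(der_cert).hexdigest()
        known = self.seen.get(host)
        if known is None:
            # First visit: nothing to compare against, so trust and remember.
            self.seen[host] = fp
            self.path.write_text(json.dumps(self.seen))
            return "first-visit"
        # A mismatch is reported but never stored: the user must decide.
        return "unchanged" if known == fp else "changed"


def demo():
    # Constructed stand-ins for DER certificates; real use: fetch_der_cert(host).
    legit = b"constructed DER bytes: certificate seen at home"
    rogue = b"constructed DER bytes: certificate offered on public wifi"
    with tempfile.TemporaryDirectory() as d:
        store = Path(d) / "seen.json"
        mem = CertMemory(store)
        results = [mem.check("bank.example", legit),
                   mem.check("bank.example", legit)]
        mem = CertMemory(store)  # reload from disk, as after a browser restart
        results.append(mem.check("bank.example", rogue))
        results.append(mem.check("bank.example", legit))
    return results


if __name__ == "__main__":
    print(demo())
```

A legitimate certificate renewal also reports `changed`, so the warning means "verify before continuing" rather than proof of interception.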

Solution 2:

Q1) Barring any problems with the IP stack, your main additional risk is a man in the middle type attack where someone masquerades as the server, and injects code into some data you retrieve. This is a risk whenever you don't have control of the full path. Whether or not the connection is encrypted likely does not change the risk much. Code injection attacks are generally done by infecting the server and are unrelated to wi-fi access.

Q2) Unless file sharing of some form gets turned on, your computer data should be safe from network file access. Problems with the IP stack or other software may allow someone to crack your system. Other than ease of directly accessing your computer via the network, using public wi-fi does not change the risk much. If you keep patched, all known vectors should be covered.

Q3) HTTPS is quite secure, and there are no known practical cracking methods for the common cyphers. Data transmitted over this protocol can be considered secure. Man in the middle attacks are possible, but generally require a matching certificate issued by a trusted certificate vendor. There have been some attacks in the past where the address bar was overwritten to hide the real address. This should no longer be possible.

You seem to be following good procedures for ensuring you are safe. If you are specifically targeted, your risk goes up. Use of public wi-fi may increase your risk somewhat for some targeted attack vectors.

The Secunia PSI software can audit your installed software for known security risks.

Solution 3:

In most cases public wifi should be no more risky from the sort of malware your antivirus software might stop than any other wifi. However, it is possible to set up many access points to use what is called a "captive portal" page — the kind of thing you might find in places that make you log on before passing traffic to the web. A hacker could set up one of these pages to auto-authenticate you and then redirect you to any malicious web site of their choosing.

Additionally, when you use unencrypted wifi all your non-https traffic is broadcast in the clear for anyone who might be listening. Hopefully the only "listener" is your wireless router/access point, but it isn't that hard to set up a computer to listen to this traffic any more. This is especially dangerous in public places where there are likely others using the same connection, but even your own home isn't immune if you don't encrypt your traffic.

Unless you also limit your browsing to only encrypted networks or only https sites (as opposed to plain http sites), broadcast information includes cookies, authentication tokens, passwords, and more. If you're not encrypting your wifi, it's essentially game over.

Solution 4:

Known Wireless Attacks (Myths and Reality)

http://www.it.ojp.gov/documents/asp/wireless/section3-3-1.htm

There are four main methods of attacking a wireless network: modification, eavesdropping, masquerading, and denial-of-service. Each method of attack has several submethods, which will be described in the appropriate following section. In addition to describing the methodology behind each attack, the attacks will be analyzed for their feasibility from an attacker perspective, i.e., how difficult is the attack to implement and is there a justifiable return on the investment for each attack type?
