Has anyone empirically analyzed the actual threat from using public WiFi? That is: (1) how much useful (unencrypted) data is still available to a rogue AP, (2) how well these attacks could be executed by remote attackers?
-
Show this thread
-
Replying to @matthew_d_green
A number of years ago I looked into Android apps that use HTTPS, but fail to validate certificates. https://www.rsaconference.com/events/us15/agenda/sessions/1638/how-we-discovered-thousands-of-vulnerable-android … Things have gotten a bit better by now, but it's still a problem. These apps are why I'm not comfortable with public open WiFi.
1 reply 0 retweets 6 likes -
Replying to @wdormann @matthew_d_green
How many apps are on your phone? How confident are you that EVERY app, aside from your web browser I suppose, uses HTTPS properly? Or uses HTTPS at all (as opposed to HTTP).
1 reply 0 retweets 2 likes -
Replying to @wdormann @matthew_d_green
This is the real problem. From a browser MitM point of view, HSTS is the real killer, and any attack will have to also redirect to a different realistic DNS name. Captured portal "login please", might not have HSTS...
1 reply 0 retweets 1 like -
Are there any simple tools to review this without MitM oneself or using Wireshark on one's LAN? Or public, organized efforts to keep track of who's doing things well to nightmarishly bad (beyond HTTPS or not, since it's not black & white, more a range)?
2 replies 1 retweet 0 likes -
It's trivial to test apps yourself with CERT Tapioca.https://github.com/CERTCC/tapioca
3 replies 1 retweet 7 likes
But while it's easy to test an app (given you have a compatible USB WiFi adapter), knowing which apps to trust requires that you have tested each app on your phone. Having just gone through the top 10 free Android apps, only one of them results in using unvalidated HTTPS by now.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.