SECURITY INFLUENCERS BLOG


Public WiFi is actually still pretty dangerous

I wanted to write a short response to an article EFF posted, "Why Public Wi-Fi is a Lot Safer Than You Think." It's no secret transport layer security has vastly improved over the years -- so I generally agree with a lot of the points made here. For the most important sites and services you use, it's unlikely someone will be able to snoop on your web traffic without some egregious warnings or outright failure due to things like HTTP Strict-Transport-Security (HSTS) and certificate pinning. This means if an attacker tries to get in between you and the destination, your browser remembers that the site must use HTTPS (or, with pinning, what certificate was there before) and freaks out.

However, a large number of websites and services are not using HSTS, and a lot of mobile apps are just broken in terms of certificate validation! This happens for a few reasons, namely the difficulty of changing certs and not breaking access, or just because testing apps is hard with legitimate certs and so validation gets disabled (and forgotten about). You may think that if a malicious certificate gets injected on the network you'll get that certificate error page... but what if the attacker just redirects you and removes transport security completely with a tool like sslstrip or the Man-In-The-Middle Framework? They may be less sensitive sites, but not every website even uses HTTPS -- what if someone injects a browser exploit kit, phishing pages, or even different ads into those insecure pages? (I won't name the airline WiFi that does this.)

Also, something hugely downplayed about public WiFi is that it exposes your machine to direct attacks through vulnerable or unpatched services. We have all clicked that "update later" button. Even for corporate-managed machines with routine patching, there's no guarantee all your configurations, settings, and policies are bulletproof on that laptop. Do you have open network shares? Is your password super strong and uncrackable? Do you have remote desktop enabled? SSH? Have you ever run databases or web servers for development work? Attacks like harvesting passwords with Link-Local Multicast Name Resolution (LLMNR) poisoning on Windows machines still work even in huge companies, let alone against average consumers who don't have a hardened group policy.
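One way to answer those questions on a Linux laptop before joining a public network, as an added example that is not part of the original post: it parses `ss -H -tuln` output and reports sockets bound beyond loopback. The sample lines and the port-to-service table are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Default ports for the service types the post asks about (illustrative, not exhaustive).
RISKY_PORTS = {
    22: "SSH", 139: "NetBIOS/SMB share", 445: "SMB share", 3389: "Remote Desktop",
    5355: "LLMNR", 3306: "MySQL", 5432: "PostgreSQL", 80: "web server", 8080: "web server",
}

# Constructed sample in the column layout of `ss -H -tuln`.
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      50                 *:445              *:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      511            [::1]:8080          [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5355       0.0.0.0:*
"""

def is_loopback(host):
    """True only when the bind address is reachable from this machine alone."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if host == "*":                            # wildcard means every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # unparseable: assume exposed

def exposed_listeners(ss_output):
    """Return sorted (proto, address, port, label) for sockets bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue                           # header line or non-listening socket
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit() or is_loopback(host):
            continue
        label = RISKY_PORTS.get(int(port), "unknown service")
        findings.append((fields[0], host, int(port), label))
    return sorted(set(findings), key=lambda f: (f[2], f[0], f[1]))

if __name__ == "__main__":
    for proto, host, port, label in exposed_listeners(SAMPLE):
        print(f"{proto:4} {host}:{port}  {label}")
```

In the sample, the PostgreSQL and development web server sockets are bound to loopback and are not reported, while SSH, the SMB share and LLMNR are reachable by anyone on the same network.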

I'm not trying to scare people away from public WiFi; it's not all bad (maybe you should be a little scared). The bottom line is if you're using a company-managed device, you should follow their guidelines on public WiFi use. It's also important to understand what to look for and be prepared. Use a trusted VPN if possible, and make sure your device is hardened and up to date on patches.

Dan Amodio, Security Researcher

Dan grew up tinkering with computers and learning about hacking and programming, and he somehow made a career out of it. He has worked on information security issues—from application security to red teaming—with some of the largest companies across the globe. Outside work he enjoys music, games, and family time.
