20

I am staying at a hotel with free public Wi-Fi. To get Internet access I had to visit a web page and agree to the terms and conditions. This website has a security certificate, but it expired over a year ago.

Evidently this means I can't verify the identity of the sign in page for the Wi-Fi. If I proceed to the page anyway, does this compromise the security of other HTTPS websites in any way (say by enabling MITM attacks)?

I have read other threads on HTTPS over public Wi-Fi, and it seems like it's OK provided I verify the URL and only proceed if the website's certificates are trusted. But does the expired/untrusted certificate on the sign in page introduce any additional security risks?

techraf
  • 9,141
  • 11
  • 44
  • 62
Alex
  • 393
  • 2
  • 6
  • The main risks to which you are exposed by public wifi are covered here: http://security.stackexchange.com/a/34767/34123. In short, yes you may be exposed to MITM attacks. – James Bradbury Mar 14 '16 at 11:19
  • Thanks. That article was useful, especially the idea to use a VPN (I have access to one but didn't think to use it). The point of my question was to understand if the expired certificate on the WiFi signin page added any additional risk factors. – Alex Mar 14 '16 at 13:30
  • @Alex yes, use a VPN in Public or if it is fast enough, everywhere. I was about to comment that. – ave Mar 14 '16 at 15:26
  • Did you complain to the network owner? http://askubuntu.com/q/747327/457662 ;-) – techraf Mar 18 '16 at 06:05

4 Answers4

20

So you were redirected to a captive portal page that had an expired certificate.

Theoretically this puts in risk only the data you transfer over this particular connection, ie. accepting the rules and eventually your personal or payment data if you had to provide any. In fact the captive portal did not have to use https connection at all and you wouldn't probably notice it.

It does not introduce additional risk to the fact that you are already using a public, potentially highly insecure network with all its consequences.

Mind that you were on the insecure network from the moment you established the connection, before you even opened a browser and were redirected to the portal.

techraf
  • 9,141
  • 11
  • 44
  • 62
  • 2
    You might emphasis your 4th § because much too many people ignore or forget it. The network is plugged... even if you forget to proceed with the authentication portal, even if you didn't notice it because you weren't using any browser to see its http or https page. – dan Mar 14 '16 at 08:12
  • Depending on your OS, it would make tens of connections between the moment the network link is estabilished and when the browser is granted CPU time. I won't bash talk about Windows; on Android, every time I get a connection, tons of apps (from games to Skype) rush to the net to get updates and pop notifications. Even Play Store begins downloading apps and updates. So yes, even before you open a browser you are already exposed. – Mindwin Mar 14 '16 at 13:07
  • Thanks. This was a clear and helpful answer. I am aware of some of the wider risks of using public WiFi, though I hope HTTPS mitigates this somewhat. I am also considering using a VPN. – Alex Mar 14 '16 at 13:33
  • @Mindwin Wait, if you have to go to a portal page all those attempts are going to fail because you haven't accepted whatever TOS the page requires you accept, right? – Michael Mar 14 '16 at 22:22
  • 1
    @Michael You don't know that. You connected to a network you have no control or even knowledge of. It might be well isolated, maintained and safe, but it also might be malicious, compromised, misconfigured. – techraf Mar 15 '16 at 00:44
  • @Michael some hotel portals don't block all protocols. Some go through. In one trip a friend in the room next door was able to bypass the paywall routing his traffic in a tunnel masked as video streaming (the hotel allowed us to use video streaming services because of some partnership program or the like). – Mindwin Mar 15 '16 at 14:33
9

An expired certificate just means that the certificate didn't got renewed as soon as it should have been. Certificate renewal is a preventive measure for the case that the private key gets stolen without anyone knowing. Replacing a certificate in regular intervals reduces the usefulness of a stolen key. But expiration dates for certificates can be chosen quite arbitrarily. The risk someone stole the certificate to impersonate the certificate holder increases over time, but that risk doesn't suddenly skyrocket the day the certificate expires.

That means certification expiration warnings are a sign of bad security practices on the side of the website owner, but when the certificate checks out fine otherwise and you choose to accept it anyway, the encryption is just as strong as with a valid one.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • 2
    Certificate renew not requires private key change. – Ivan Solntsev Mar 14 '16 at 09:40
  • 1
    I realise a certificate doesn't become useless the day it expires. The certificate in question has been expired for a long time -- more than 200 days. I am staying at a budget hotel so I suppose they just didn't want to pay to renew it. – Alex Mar 14 '16 at 10:48
  • I regularly see expired certificates for public WiFi from providers that should know better. The last time (a whole week ago) was in the BA lounge (not a native BA one) in Venice Airport - from memory that was Boingo. I presume they are meant to do firmware device updates but don't. – abligh Mar 14 '16 at 13:13
  • 3
    A danger with certificate expiry is that certificate authorities only promise to publish revocations for unexpired certificates. A certificate has been compromised and subsequently revoked may appear to be "merely" expired once the expiration date lapses. – supercat Mar 14 '16 at 19:18
0

HTTPS isn't especially secure over public WiFi, regardless of the certificate, thanks in part to Mr. Moxie Marlenspike's SSL Strip.

Hack-R
  • 213
  • 2
  • 8
  • 4
    Presumably this is only an issue if the user is not vigilant in checking that the URL is correct and checking that HTTPS is enabled when submitting credentials? – Alex Mar 14 '16 at 18:23
  • @Alex I think it goes a little further than that. It exploits SSL/TLS implementations that don't correctly verify the X.509 v3 "BasicConstraints" extension in pub key cert chains, such that anyone with a CA-signed certificate for any domain can create what appears to be valid CA-signed certs for any other domain. He also proved that all major SSL implementations failed to properly verify the Common Name value, such that they could be tricked into accepting forged certificates by embedding null chars into the CN field. Also, others have decrypted SSL since 2010; especially when RSA is used. – Hack-R Mar 14 '16 at 18:40
  • How about HSTS? – Gustavo Rodrigues Mar 14 '16 at 19:46
  • @GustavoRodrigues I think that would be unaffected by SSL Strip and the related SSL vulns, however it might be vulnerable to this: https://www.pwnieexpress.com/bypassing-hsts-ssl-with-the-mana-toolkit/ – Hack-R Mar 14 '16 at 20:14
0

Neither expired, nor unexpired certificate are less-secure unless compromised. The certificate's security strength is measured in hash type+size, key algo+keysize and an ability to verify it. If the date has expired - it does not expires the CA certificate that have signed it, so :

  • it still can be verified
  • hashes have the same strength, so the crypto's too : same key, same algo

you have just an expiration warning. It's unconvinient, but OK. If the cert remains uncompromised - it's fine. And if a cert is compromised - directly or indirectly - it turns into a useless junk regardless of the expiration date.

Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11