0

I'm browsing the internet over the public library's wifi, visiting non-sensitive websites, some of them SSL protected.

As a Windows user, I have set the network settings to "Public", just for safety.

However, reading about it, I just found out that not only can your traffic be targeted (everything that leaves your machine, enters the network, and hits the domains, whether they are SSL-protected or not), but your machine itself can be infiltrated with some special software.

How difficult would it be for someone to use that kind of software against an average Windows user, who takes basic security steps?

I'd like to assess my risk levels, and see if I'm in the green, yellow, orange or red as an average Joe browsing public wifis that some bad guy could target.

Many thanks,

Peanuts
  • 2
    Depends on who "someone" is; my mom, the NSA, a PI, etc. Do you have open shares with sensitive data? Do you have weirdo software that opens lots of ports? On a default install these days, there's (generally) not a lot to worry about under most attack scenarios, minding the serenity prayer. – dandavis May 21 '18 at 22:41
  • 1
    It really depends; if you want some reading material on the subject, however, try these topics: "Evil Access Point", MITM techniques, SSL, ARP cache poison, injection methods, packet sniffing. Most of those are fairly basic; from there you might want to delve further into application layer security – elprestano May 23 '18 at 12:20

1 Answer

3

The typical scenario is not to attack the machine directly but instead let the user retrieve the malware itself, i.e. send mails containing malware, make the user visit web sites containing malware (for example link in phishing mail, malvertisement, ...) or attack the user at the network level to inject malware into unprotected (i.e. HTTP not HTTPS) traffic.

Doing such man-in-the-middle attacks to inject malware is not hard for most public WiFi. And it is trivial if the attacker fully controls the access point, for example by simply setting up some trustworthy-sounding WiFi (like "PublicWifi", "Telekom" ...) and letting the victims gullibly connect to it.

Steffen Ullrich
  • Very interesting, thanks. So it looks like any public wifi over HTTP is quite risky to use, since they can not only read you, but inject a virus in the traffic that goes into the network (including HTML files?). I understand that your average anti-virus would monitor all that HTTP traffic, but it sounds risky anyway. – Peanuts May 22 '18 at 16:28
  • 1
    @Peanuts: while your average antivirus might help with 99% (if at all) of the malware it cannot deal with 100%. And it will not help if you submit credentials over HTTP and the attacker sniffs the credentials. The attacker might also modify the traffic not only to inject malware but also to inject login prompts etc. in order to trick you into entering important credentials. – Steffen Ullrich May 22 '18 at 16:40
  • Just for the record, an old version of Notepad++ was checking for updates through HTTP requests. Some free software still does, so while you think you're updating some software, you could be downloading, willingly, malware. So try to avoid free WiFi, and if you have to go there, HTTPS all the way. – Guillaume Beauvois May 23 '18 at 12:43
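
A defender-side illustration of the risk described in the answer and the last comment, added here and not written by any of the posters: it audits a proxy or browser log for responses fetched over plaintext HTTP, which anyone controlling the access point could alter in transit, and ranks installers above pages and scripts. The log format, the severity labels, the extension and MIME lists and the `example.*` hosts are all assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumed lists: content that runs code once it reaches the client.
INSTALLER_EXT = (".exe", ".msi", ".dll", ".ps1", ".bat", ".zip")
INSTALLER_MIME = {"application/x-msdownload", "application/octet-stream"}
ACTIVE_MIME = {"text/html", "text/javascript", "application/javascript"}

# Constructed sample log: timestamp, method, URL, status, Content-Type.
SAMPLE_LOG = """\
2018-05-22T16:28:01Z GET https://www.example.org/ 200 text/html
2018-05-22T16:28:09Z GET http://news.example.com/index.html 200 text/html; charset=utf-8
2018-05-22T16:29:40Z GET HTTP://updates.example.net/editor/Setup.EXE?v=7 200 application/x-msdownload
2018-05-22T16:30:02Z GET http://cdn.example.com/logo.png 200 image/png
2018-05-22T16:30:15Z GET https://downloads.example.org/tool.msi 200 application/octet-stream
malformed line
"""

def classify(url, content_type):
    """Return None for non-HTTP schemes, else 'high', 'medium' or 'low'."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return None  # HTTPS: content is integrity-protected in transit
    mime = content_type.split(";")[0].strip().lower()
    path = parts.path.lower()  # query string is excluded, so "?v=7" is ignored
    if path.endswith(INSTALLER_EXT) or mime in INSTALLER_MIME:
        return "high"    # software or update download over plaintext
    if mime in ACTIVE_MIME or path.endswith(".js"):
        return "medium"  # page or script where markup could be injected
    return "low"         # passive content such as images

def audit(log_text):
    """Return (severity, url) for every high or medium finding, in log order."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _ts, _method, url, _status, content_type = fields
        severity = classify(url, content_type)
        if severity in ("high", "medium"):
            findings.append((severity, url))
    return findings

if __name__ == "__main__":
    for severity, url in audit(SAMPLE_LOG):
        print(f"{severity:6} {url}")
```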