Can the password that one type be compromised if mobile is connected to a compromised router since everything has to go through the router?
2 Answers
Under most circumstances, if you connect to the site by HTTPS, and you're sure that the URL is correct (i.e., you're not connecting to a phishing site, like gm4il.com instead of gmail.com), and your browser is not showing you any certificate warnings, then most likely it's safe to login to the site using your password. If you use a password manager, all the better, as this offers the added protection of detecting phishing sites.
However, this answer would not be complete without adding the caveat of fake SSL certificates. There have been cases where CA's have been breached, and attackers were able to get CA-signed certificates for popular sites such as Gmail.com, etc. In this case, all of the above indicators would seem to indicate that everything is copacetic, yet an attacker on the network between your browser and the site would be able to intercept your password. See What are the risks of a Certificate Authority hack for 'the average user'? for more information. Fortunately, these cases are rare, but it would be remiss to not mention these cases.
- 19,868
- 2
- 45
- 64
-
the best protection for gmail specifically is to have TOTP 2fa configured. SMS is not sufficient - it's relatively easy for somebody to convince the phone company to send your SMS messages to them, and not encrypted, so contraindicated by NIST. with TOTP your password is not enough to access gmail and the TOTP token is only good one time for 30 seconds. – erik258 Jul 29 '20 at 18:21
-
A hacked router cannot intercept your password if you connect to the server via https and the server certificate is authentic. – mti2935 Jul 29 '20 at 18:22
-
Yes, it's possible that a hacked router could redirect your request to gmail.com to a fake site purporting to be gmail.com instead of the real gmail.com site. But, it would be very difficult for the fake gmail.com site to obtain a valid certificate for gmail.com. That's why it's so important to always connect by https (not http), and to pay attention to any warnings in your web browser pertaining to the certificate. – mti2935 Jul 30 '20 at 14:12
All the browsers (And the operative systems, like your iOS) includes the public certificates of the Certificate Authorities (CA). These are organisations that validate the ownership of the domains and grant certificates signed by them as a trust authority. By recognising the signature, the browsers knows it comes from a "chain of trust" and shows a green lock on your browser.
As user mti2935 pointed out, sometimes the certificate authorities might become compromised (By an internal or external actor) and it may issue certificates they may have not properly validated the requisites. Since the efforts to carry on this attacks are high, and if your could get it you could go after bigger bounties, it is very unlikely that a low-medium traffic site would be subject to this attack unless you are being specifically targeted.
The browser also includes a hardcoded list of web sites that requested HSTS by default. The most visited sites are here (For eg. Gmail, Google, Facebook, Microsoft, etc). HSTS stands for HTTP Strict Transport Security. This is a web security policy to help protect your websites against MITM attacks such as as protocol downgrade attacks (HTTPS to HTTP) or cookie hijacking. For the domains on the list the browser will automatically convert any http:// URL to https:// avoiding you to access an unencrypted version of the website and leaking your data in the network (Like your Gmail password). Any specific person can request his site to be included into the HSTS Preload List of the browsers to avoid getting their sites compromised by these methods, each browser maintains its own list but they often replicate each other, you can find more about the HSTS preload list submission here: https://hstspreload.org
Returning to your specific questions, unless the browser (Or OS) is compromised the most probably is that the traffic that is going out of the browser is correctly encrypted with the gmail.com certificate, so your traffic would not be easily read over the network.
The warning your antivirus is giving you means that your router has its administrative ports open to the internet, the antivirus checked your public IP and scanned the open ports to warn you that anyone from the internet may try to hack your router services since they are wide open.
- 87
- 3