0

Can a malicious WiFi router that doesn't have a login page open a malicious link without my consent to hack my computer by simply connecting to it?

What about one with a login page? Can it open the login page without consent? (I connect to it because it shows as having no password on the WiFi list).

I know that you should use VPNs to be safe on public WiFis. I am asking if this can happen before I even connect to a VPN.

UndercoverDog
  • 612
  • 2
  • 17
User4857
  • 31
  • 3
  • Note that - contra much highly-confused scaremongering security messaging - "open a malicious link to hack my computer" isn't how literally anything works. Links can't do anything. Malicious web content can _attempt_ to compromise your machine - although, aside from phishing the user or vulnerabilities on other sites, this is very rarely going to work so long as you keep your browser up to date - but malicious web content doesn't require that you navigate to an attacker-chosen link, not if the attacker has a man-in-the-middle position (such as controlling the router). – CBHacking Aug 01 '22 at 09:27

1 Answers1

1

A malicious router can interfere with unprotected DNS lookups and thus make the client access a different site than intended. It can also interfere with unencrypted traffic (i.e. plain HTTP, not HTTPS) and change the content, like injecting redirects to attacker controlled sides in order to inject malware.

None of this requires any explicit interaction from the user, except doing normal surfing. Even just having the browser with some existing web sites open might be sufficient, since many sites update content in the background (like loading new ads) and thus will access sites without any user interaction.

For more on this see

nobody
  • 11,251
  • 1
  • 41
  • 60
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424