Can someone download files from your personal computer when you're using public WiFi?

29

5

Scenario: You are using your laptop computer, connected to a public WiFi network at a Starbucks, airport, etc.

Question: Can a stranger connected to that same WiFi network download the files from your computer? Can the stranger look at your files?

Test100

Posted 2018-03-25T22:21:58.507

Reputation: 279

Question was closed 2018-03-27T13:18:25.323

5

Yes. I once accidentally entered the wrong computer when trying to copy a file from my friend's laptop while we were connected to the same public WiFi at a cafe. Guess what? The owner put their adult videos in the public documents folder. Of course it's due to carelessness, as mentioned below. You can find more information in https://security.stackexchange.com/q/36263/89181 and https://security.stackexchange.com/q/14927/89181

– phuclv – 2018-03-26T09:57:53.367

2

@LưuVĩnhPhúc: You mean "their" as in they'd filmed them?! – Lightness Races with Monica – 2018-03-26T17:01:57.780

The answer depends on the operating system and what all services and daemons are being run. – can-ned_food – 2018-03-26T20:16:02.467

@LightnessRacesinOrbit I mean "their" as in a file they possessed, not a movie they recorded of themselves (because even I don't know whose laptop that is) – phuclv – 2018-03-27T03:19:21.007

@LưuVĩnhPhúc: Jokes – Lightness Races with Monica – 2018-03-27T12:07:07.610

Answers

51

Question: Can a stranger connected to that same WiFi network download the files from your computer? Can the stranger look at your files?

Yes, but it requires significant carelessness on the victim's part.

On Windows, for starters, you'd need to tell the system that the network you're connected to is either Home or Work, not "Public". Since you should know you're in an airport, this is unlikely.

Then you should allow guest login (by default it isn't allowed).

Alternatively, you must access some external unencrypted system supporting Windows authentication. The service should be outside the airport and allow logins from the Internet, and very few would allow it to run unencrypted.

Finally, that system and your own box must use the same user and password. This way, the password captured in the previous stage will also allow external logins on your system. OR you must have an easily guessable username, and the same password of some cleartext service you accessed.

Otherwise, the attacker might poison your DNS cache and "convince" your system that the Facebook server or the GMail server or what-have-you is actually inside his suitcase. Then he would either force an HTTPS connection (e.g. via a MitM attack, which you must ignore) or fake it in the clear (and you must not notice the fact that you're running in plain HTTP). This way, again, the attacker can get one of your passwords. If it is good for your system, or allows a password-retrieval attack on some other system, you (and/or your online banking account) are about to be pwn3d.

This is not the WiFi you were looking for

Actually the attacker needn't do much to gather access to your transmissions. He might have been the owner of the WiFi network all along, who just set up a rogue AP declaring itself to be "Airport Free WiFi". The fact that the AP name seems legitimate means nothing: there are systems already designed for this - buy one, charge it overnight, go to the airport and start trolling for fish. The system will optionally "massage" the data flowing through to ensure the maximum exploitability of passwords and credentials.


Once you are connected to a site you trust (or so you believe), you can be tricked into downloading and executing something that will give the attacker complete control, either directly (e.g. in Windows through WSH) or through some exploit.

On Linux the only relevant difference is that you should either share your disk or have remote administration port 22 (SSH) open. Both conditions are usually false in any sane distribution I know of.

But it's not just your files...

Having your disk safe is no guarantee for your online banking account, Dropbox, email etc. - the problem lies in credential thefts and/or impersonation; what is actually done with that comes after.

Which is why:

  • You should avoid using unknown networks,
  • If you do, use them through an encrypting VPN,
  • Always keep system security high (only declare "Home network" your network in your home)
  • Keep the system updated, with a suitable antivirus
  • Never reuse important passwords for different sites
  • Maintain situational awareness - notice things such as the "green lock" on HTTPS sites, small glitches in login screens that don't feel "right", and weirdnesses in URLs (e.g. "myonlinebank" becoming "myonIinebank")

Eternal vigilance is the price of liberty.

LSerni

Posted 2018-03-25T22:21:58.507

Reputation: 7 306
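The "myonlinebank" / "myonIinebank" check from the list above can be automated. The following is an added example, not part of the original answer; the confusable-character set is a small hand-picked one, and the allow-list and `.example` domains are hypothetical.

```python
# Characters and pairs that are easy to confuse in common UI fonts. A small
# hand-picked set for this example, not the full Unicode confusables table.
SINGLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
PAIRS = (("rn", "m"), ("vv", "w"))

# Hypothetical allow-list; the first entry is the name used in the answer above
# with the reserved .example TLD appended.
TRUSTED = ("myonlinebank.example", "mail.example")


def skeleton(name):
    """Collapse a hostname so that lookalike spellings compare equal."""
    s = name.lower().rstrip(".")   # DNS ignores case: "I" and "i" name the same host
    for pair, single in PAIRS:
        s = s.replace(pair, single)
    return s.translate(SINGLE)


def imitated_domain(host, trusted=TRUSTED):
    """Return the trusted domain that `host` visually imitates, or None."""
    host = host.lower().rstrip(".")
    for good in trusted:
        if host == good or host.endswith("." + good):
            return None            # the real domain or one of its subdomains
    labels = host.split(".")
    for good in trusted:
        n = good.count(".") + 1
        candidate = ".".join(labels[-n:])   # same number of trailing labels as `good`
        if skeleton(candidate) == skeleton(good):
            return good
    return None


if __name__ == "__main__":
    for h in ("www.myonlinebank.example", "myonIinebank.example", "rnail.example"):
        print(h, "->", imitated_domain(h) or "no lookalike match")
```

Because hostnames are case-insensitive, the capital "I" in "myonIinebank" resolves as "myoniinebank", so the comparison has to treat "i" and "l" as one class rather than look for uppercase letters.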

Maybe a weird question, but why should I declare my network at home to be my 'home network'? I allow (non-tech-savvy) guests with (non-updated) smartphones on my network at home. Why can I trust it? – Matty – 2018-03-26T08:47:59.587

2

@Matty good point. What I meant is that if you ever declare a home network, that should only be your home network. But you're better off not trusting even that (what with network printers that might be reachable from outside and/or download malicious OTA packages etc. - it's been known to happen: https://www.esecurityplanet.com/network-security/can-your-printer-put-your-whole-network-at-risk.html)

– LSerni – 2018-03-26T09:56:43.790

2

Yes, but it requires significant carelessness on the victim's part. Or extreme professionalism and preparedness of the attacker. – VL-80 – 2018-03-26T13:39:46.797

2

"Alternatively, you must access in the clear some external system supporting Windows authentication." What does "in the clear" mean? Honestly, that entire paragraph and the one after it don't make a lot of sense to me; can you provide an example of the kind of attack you're describing? – Anthony Grist – 2018-03-26T13:56:19.483

1

@AnthonyGrist He means unencrypted. I agree that the wording is a little confusing. The scenario being described is that you access a resource on an unencrypted channel, thus sending your username and password in plaintext, and that same username/password combination is the one which grants the attacker access to your machine because you've reused the password. – Jon Bentley – 2018-03-26T14:54:04.950

@AnthonyGrist sorry. I have incorporated JonBentley's correction - as you may have surmised, English is not my native language :-) - I'm used to saying "in chiaro" to mean unencrypted, and it came naturally to me to translate it as "in the clear". – LSerni – 2018-03-26T16:12:24.483

@Matty: don't allow untrusted guests on the same network as you. – Mathieu K. – 2018-03-26T20:13:23.660

1

@LSerni In fairness to you, I understood "in the clear" to mean "unencrypted", but perhaps it's not as common an idiom in English as I think it is. :) – Dan J – 2018-03-27T03:34:34.870

Also for the advice at the end, two factor authentication would be a good idea to prevent this – Melkor – 2018-03-27T06:05:09.737

Doesn't that also require carelessness from the legitimate WiFi provider? I believe most access points have client isolation by default for public networks, where the wireless clients can see the Internet but not each other? And this needs to be switched off in the access point's settings? – GSerg – 2018-03-27T10:04:36.003

2

Potentially, they can capture personal information, poison your dns cache and many other pretty nasty things, but they can't download your personal files without a few things going wrong on your behalf first.

If for some reason they could capture your passwords being transmitted in plaintext, they could ssh to your computer, assuming you are allowing incoming port 22 connections (unlikely).

If they could force you to accept a malicious file, you could be open to a reverse proxy attack whereby the file you accept will automatically attempt to connect to the attacker's system, giving them access to your system.

These attack vectors are not easy to carry out. They are possible, but generally security-conscious users and most hardened system defaults are pretty good at preventing such attacks. Hope it helps.

Sean Davey

Posted 2018-03-25T22:21:58.507

Reputation: 437
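Both answers above make exposure depend on what the laptop itself is listening for (Windows file sharing, a shared disk, SSH on port 22). The following added example, which is not from either answer, parses listening-socket output and reports the file-sharing and remote-access services bound to a non-loopback address. The sample input is constructed in the layout of `ss -tlnH`, and the port list is this example's own choice.

```python
import ipaddress

# Ports for services named on this page; the labels are this example's own.
RISKY_PORTS = {
    21: "FTP", 22: "SSH", 139: "NetBIOS session (SMB)", 445: "SMB file sharing",
    548: "AFP file sharing", 3389: "RDP", 5900: "VNC",
}

# Constructed sample in the layout of `ss -tlnH`:
# state, recv-q, send-q, local address:port, peer address:port
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 *:445 *:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::1]:5900 [::]:*
LISTEN 0 50 192.168.1.23:139 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
"""


def split_local(addr):
    """Split a local-address field into (host, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %interface suffix
    return host, int(port)


def is_loopback(host):
    if host == "*":                          # wildcard: every interface, WiFi included
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_services(ss_output):
    """Return sorted (port, service, bind address) for risky ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if port in RISKY_PORTS and not is_loopback(host):
            findings.append((port, RISKY_PORTS[port], host))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, host in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"{service} (tcp/{port}) is bound to {host}, not just loopback")
```

A service listed here is only a candidate for exposure: a host firewall (such as the Windows "Public" profile described above) or client isolation on the access point may still block it.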

2

What about the shared folders allowing access to Everyone? – user6900 – 2018-03-26T02:41:43.357

@user6900 That would only apply if you have file sharing enabled. By default Windows will not enable file sharing on a network designated as "public". If you change that option, or choose to label the public Wi-Fi network as "private", well... – Bob – 2018-03-26T04:07:59.273

2

I see this all the time when I get onto public hotspots, and have wandered through other people's documents in amazement. It seems that people enable file sharing and leave some defaults in place which share a lot more than they realize. Or maybe they shared so much more when on a private network because it's easier, and forgot about it. Either way, there is no question that this happens. A lot. Oh I should add that this was on OS X, don't know about Windows. – JVC – 2018-03-26T16:01:44.810

Good call, actually my answer was, unknowingly, only for *nix-based systems. I haven't ventured to the Windows dark side for a few years now, and certainly wouldn't consider public airport WiFi with Windows defaults. – Sean Davey – 2018-03-27T11:02:41.323

2

You would want to avoid using public wifi for sensitive information, unless you can be assured of a solid and safe connection. There is a practice known as Man-in-the-Middle in which a user nearby at the public wifi location has configured his computer to appear as if you are connecting to the local service. In reality, you are connecting to his computer, which is passing your activities through a filter to collect sensitive and useful information. Once collected, your activities are then forwarded to the intended destination.

fred_dot_u

Posted 2018-03-25T22:21:58.507

Reputation: 1 377

0

Yes they can, as with any internet connection, but you may find it easier to upload files to a shared location for them to download. The "push from device" ala stolen smartphone.

The safest way to allow someone to quickly download files from your device whilst on public wifi is to use your private network via VPN and share a folder on that network. This is the "road warrior" scenario.

Otherwise, they will need to know your IP address. Dynamic DNS with SSH for concurrent login will also work, but they will need permissions on the files. Dynamic DNS can be home grown, you could email the IP or drop it on a server, say.

You could also RDP/VNC to a machine on your private network, still a two step process if you are copying from the host device first. Giving them remote control of your device is also possible ala NetMeeting, but clumsy.

The least secure method would be to run a simple FTP server for them to access. Anyone can snort that. It may not bother you if it is only a shopping list or a fender bender happy snap.

Encrypted file + VPN + RDP/VNC will give you three layers, not counting the WiFi encryption.

mckenzm

Posted 2018-03-25T22:21:58.507

Reputation: 829