If I'm on an open wireless network, can a 3rd party capture packets and see all the internet traffic to and from my computer? What if WPA encryption is used, but someone has the key already? If I use HTTPS, can someone with direct access to the router decrypt the traffic and view it somehow?
4 Answers
If I'm on an open wireless network, can a 3rd party capture packets and see all the internet traffic to and from my computer?
Yes
What if WPA encryption is used, but someone has the key already?
Same as if the network was un-encrypted
If I use HTTPS, can someone with direct access to the router decrypt the traffic and view it somehow?
Unlikely. They would need to have both the Private Key and the Public Key for your HTTPS host, which is unlikely. The other possibility is what's called a "man in the middle" attack, where they replace the certificates with ones that they know, so that it appears to be encrypted, but the man-in-the-middle does a translation on your HTTPS traffic so that it can read it.
Short answer: If you're on a wifi network, don't do anything you don't want to be made public.

You can't do a MitM attack on a _really_ secure SSL connection (with a trusted certificate chain and all). If the certificates are replaced the browser will inform the user that they can't be trusted. – Etienne Dechamps Sep 28 '09 at 11:02
Unless you're on an AD that has its own CA and you issue a certificate for that website that comes from your own internal trusted CA. I bet most people wouldn't even notice that the EV is missing from banking websites. – Mark Henderson Sep 28 '09 at 21:13
ARP poisoning is such a trivial thing to accomplish, that most people should be VERY afraid of using wireless for anything besides basic web surfing. – GregD Sep 28 '09 at 22:04
Keep in mind there is a difference between the key used for encryption (PTK) and the pass-phrase (PMK) people think of as "the key". If you know the PTK (PMK + session specific data), you can decrypt packets, but the PMK alone is not enough to decrypt. That said, it is easy enough to get the session specific data by capturing the 4-way handshake. – ctuffli Sep 29 '09 at 19:16
True. When I think of "Key" I generally think of a certificate, or the "whole" thing (PTK). True they could have meant the passphrase as well. – Mark Henderson Sep 29 '09 at 21:00
@GregD: Well, if you know that 1) no one has tampered with your computer, your browser or your certificate list, and 2) if you heed your browser's warnings about untrusted certs, then there's no known way to attack a TLS connection, so you'd be safe even over untrusted WLAN. But if you don't know if your computer's been messed with, all bets are off... – sleske Oct 22 '09 at 09:36
@e-t172: As the saying goes, "In security *never* deal in absolutes." A few months after your comment the SSL protocol was shown to suffer from MitM attacks. Trusted chains won't help you there. – Scott Pack Jan 29 '10 at 23:04
@packs: True, there can always be vulnerabilities in any system. Note however that the vulnerability discovered (I assume you talk about the "renegotiation attack") is *not* a Mitm attack; it only allows plaintext insertion. Still dangerous, but it does not allow outright decryption, plus it was quickly fixed. – sleske Jun 23 '10 at 08:04
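The PMK/PTK relationship raised in the comments above, as an added example that is not part of the original answer or its comments: in WPA/WPA2-PSK the PMK is derived from the passphrase and SSID, and the PTK from the PMK plus the MAC addresses and nonces exchanged in the 4-way handshake. The passphrase, SSID, MAC addresses and nonces are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase, ssid):
    # WPA/WPA2-PSK: the 256-bit PMK depends only on the passphrase and the SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, n_bytes):
    # IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated.
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, n_bytes=48):
    # Session-specific data: both MAC addresses and both handshake nonces, sorted.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, n_bytes)

# Constructed sample values (not from a real network).
PASSPHRASE, SSID = "correct horse battery staple", "ExampleCafe"
AP_MAC = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("020000000002")
STA_B = bytes.fromhex("020000000003")
ANONCE_A, SNONCE_A = b"\x11" * 32, b"\x22" * 32
ANONCE_B, SNONCE_B = b"\x33" * 32, b"\x44" * 32

def demo():
    pmk = pmk_from_passphrase(PASSPHRASE, SSID)  # identical for every user of the SSID
    ptk_a = derive_ptk(pmk, AP_MAC, STA_A, ANONCE_A, SNONCE_A)
    ptk_b = derive_ptk(pmk, AP_MAC, STA_B, ANONCE_B, SNONCE_B)
    # Another passphrase holder who saw client A's handshake values gets A's PTK.
    ptk_a_observed = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID),
                                AP_MAC, STA_A, ANONCE_A, SNONCE_A)
    return {"per_session_keys_differ": ptk_a != ptk_b,
            "observer_matches_a": ptk_a_observed == ptk_a,
            "ptk_len": len(ptk_a)}

if __name__ == "__main__":
    print(demo())
```

Each client gets its own PTK, but nothing in the derivation is secret from another holder of the same passphrase, which is why a shared WPA passphrase does not isolate users from one another.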
If someone is on the same wireless network as you or you are on an open network they can see your raw traffic. Now if that traffic is encrypted, for example with HTTPS, then they can only see the encrypted traffic. As far as I know there is no easy way to decrypt HTTPS traffic.

HTTPS is between your browser and the webserver, so that traffic is encrypted, though someone can capture the packets and try to break the encryption.
Given enough motive, just about any wifi encryption can be broken. You can see the traffic using some freely available tools as it is broadcast out, but someone would need to separate out what is meant for you and someone else. The wifi adapter can determine that, so programs exist to determine that.
How secure your wifi is is based on how strong and secure your key is and the encryption algorithm.
Here is an article about wifi security, and you can google and get more info on various encryption algorithms, such as WPA, and see how secure they are.

"Given enough motive, just about any wifi encryption can be broken." No, that is not true. For WPA2 with a *strong* passphrase, there is no known attack, not even a theoretical one. However, note that (using only lowercase characters & digits), a full-strength passphrase (256 bit) would need about 50 characters. – sleske Oct 22 '09 at 09:41
To sniff the actual traffic traversing a wireless network requires a wireless adapter and driver that support RF monitor mode, which few adapters in the retail market do. Adapters of this type are usually found in the wireless testing and engineering industries and are usually cost prohibitive for the average user.
While it's true that a determined hacker will eventually circumvent just about any security mechanism, I wouldn't count on the average Joe being able to do this. That being said, I don't recommend using publicly available open wireless networks.
