When we connect to open Wi-Fi networks , we run the risk that a cybercriminal will be able to capture all of our network traffic. Although today the vast majority of websites use HTTPS to encrypt point-to-point communications, there are techniques to “lift” this protection in many cases, so we run the risk of our communications being totally intercepted. This happens both in public WiFi networks, as well as in our home if we decide not to use any type of encryption. Next, we are going to explain the 5 risks you have when using open WiFi networks (without data encryption).
Data you put at risk
When we connect to a public or open WiFi network (without any kind of password), all network traffic can be intercepted very easily. As we have explained before, although most connections are made via HTTPS , it is possible to carry out Man in the Middle attacks with the aim of performing an SSL Stripping , to “lift” this HTTPS protocol and convert it into an HTTP protocol. In addition, we must take into account that all DNS requests are in plain text , that is, a cybercriminal can see all the requests we make to enter different web pages, unless you use DNS over HTTPS in your web browser, then no You will have this problem, but we would still be able to see which websites you browse due to the SNI that is sent in each web request.
The 5 risks you run when using public WiFi networks are the following:
- Any username and password that we enter could be easily captured . Our email account, banks, PayPal or any other service that does not have the HSTS protocol enabled and that we have previously entered, could “lift” the HTTPS protocol as you can read in our SSL Stripping tutorial.
- Entire web browsing captured . If we use the usual DNS protocol, all requests are made in plain text, a possible attacker could act as a DNS server to make the requests to himself. In the case of using DNS over HTTPS or DNS over TLS to make DNS requests, then they could know which websites you browse through the SNI.
- Redirection to fake or malicious websites . This risk is closely related to the previous one, when they carry out a Man in the Middle attack on us, the cybercriminal could manipulate DNS requests and provide us with a false resolution, with the aim of sending us to a website specifically designed to steal our data. For example, you could set up a web server with the appearance of our bank, but we will not really be entering our bank but rather a fake website.
- Injection of malware in our PC . As the Wi-Fi network is open and there is communication between the clients, an attacker could try to exploit a vulnerability in our PC with the aim of getting infected with malware. This is one of the simplest attacks, since the popular Metasploit tool incorporates everything necessary for it.
- denial of service . This is the best attack that could be done to you, it consists of completely blocking access to the Internet so that you do not browse. By not being able to navigate, you will not be able to enter passwords, nor will it spy on your web browsing or redirect you to false websites. If they do a denial of service attack on you, they will be doing you a “favor” so that you don’t connect to that open network.
As you can see, we have many risks when connecting to open networks, whether they are public WiFi networks or those of your home, so you should take precautions to avoid it.
How can I avoid it?
To prevent these attacks from being carried out on us, the best thing you can use are techniques so that all traffic is encrypted and that the encryption cannot be “lifted”. All these techniques need an “intermediate” server that is under your control:
- Use a VPN to your server, or use a commercial or free VPN like WARP from Cloudflare.
- Use the technique of SSH Tunneling towards your server, or at least, a server under your control that is trusted.
- Use an SSL proxy to forward all traffic to you before going out to the Internet.
Another configuration that you could value, if the open WiFi network is under your control, is to activate OWE (Opportunistic Wireless Encryption), this allows encrypting all client traffic without the need for authentication. You should also activate AP isolation to prevent communication between connected WiFi clients, otherwise they will still be able to do MitM attacks on you.