How Safe Is Wifi?

[kyb789]

I don't know much about WiFi security. How safe is it to use? Can other's get inside your computer when you are connected? More importantly, can other's monitor your transactions? I am scared of entering any bank or investment account numbers and Pin's when I am using WiFi.

Just want to know because it is so easy for me to hijack a nearby WiFi signal at my apartment coming from nearby hotels and offices. If I don't have to pay for home ADSL service, that would be great.

[nikster]

Short answer: If you want to be safe, use your own DSL/WiFi and put a password on it.

The possibilities for an attack through WiFi exist - in theory there's a lot of stuff that could happen, even a man-in-the-middle attack. In practice, the main danger comes from being in the same network as a number of other machines that you don't know. If one of these has a trojan or virus, it might spread to your machine if you are not careful. You can secure Windows against this rather easily though. Turn off public shares, install an AV program, that sort of thing.

Assuming no one is able to directly hack into your machine, nobody will be able to read your online transactions as long as they go over a https connection. Which pretty much all sensitive information websites do. Ie bank transactions always go over secure websites.

You need to also make sure to only access Webmail over https - use https://mail.google.com instead of http://mail.google.com for example. If you use a mail client, you also need to make sure it's talking on secure channels. Some mail clients are set up to by default blast all information - such as your mail password - unencrypted over the wire.

Again, it's unlikely somebody will want to steal your mail password. But it's also unwise to basically broadcast it every time you check mail.

[Firefoxx]

First of all, hijacking a nearby wifi signal is illegal in most countries. Any kind of risk involved is just inherent to what you're doing.

As for the safety of wifi, it's a wireless medium, so it can be intercepted. Wifi has varying levels of security, but none are 100% safe. The safest is WPA, which can withstand a pretty persistent attack, while the one that's normally used, WEP, can be cracked in minutes.

[TopDogger]

Get some sort of wireless security suite which rotates the WPA key every 10 minutes, then its effectively unbreakable.

[kyb789]

First of all, hijacking a nearby wifi signal is illegal in most countries. Any kind of risk involved is just inherent to what you're doing.

So for clarification...if a neaby hotel offers free WiFi in their lobby and it is an unsecure signal and I can pick it up in my apartment next door, is that illegal? This is what I am talking about.

[TopDogger]

First of all, hijacking a nearby wifi signal is illegal in most countries. Any kind of risk involved is just inherent to what you're doing.

So for clarification...if a neaby hotel offers free WiFi in their lobby and it is an unsecure signal and I can pick it up in my apartment next door, is that illegal? This is what I am talking about.

If they haven't gone to the bother of securing it, I can't see them going to the bother of tracking non-customers down who are using it..

[Sunny Valentine]

First of all, hijacking a nearby wifi signal is illegal in most countries. Any kind of risk involved is just inherent to what you're doing.

Mind if you elaborate on that? My information is that it is legally acceptable in most jurisdictions to use unsecured Wifi.

Sunny

[Crushdepth]

I don't know much about WiFi security. How safe is it to use? Can other's get inside your computer when you are connected? More importantly, can other's monitor your transactions? I am scared of entering any bank or investment account numbers and Pin's when I am using WiFi.

All of your traffic can be monitored with ease, unless you are connecting to an encrypted site. If you're using a bank site or something (which will be encrypted), check the padlock icon in your browser and make sure the certificate matches the website you are trying to connect to. If it matches, it should be ok.

However, if you are visting non-encrypted pages, sending email and stuff like that, most of what you are doing is accessible to anyone that cares to 'listen'. One of the worst things is actually logging into a regular email account. If someone grabs your email login this will open up a lot of other online services that you may use - through password recover functions etc.

[Kyosuken]

The truth is, (some technical information ahead so may be difficult to get for newbes)

You "may" be tracked by connecting "stealthly" (nothing is stealth when you make a connection anyway )... but 99% (taking numbers out of my *ss here but really there are very few company with secured "public" wifi) of the private companies just setup a plain router with integrated wifi, put a stupid password for their wifi and in WEP (worst thing ever) and don't bother with it...

I work at an internet café in Patong, we get regularly customers from nearby hotels that can't connect to their hotel networks and asks us to see if their computer is at fault, funny huh ?

Most people who setup these networks for customer convenience don't have 5% of the knowledge needed to administer these kind of network : cheap equipment, vanilla modem/routers supplied by the ISP, when the thing goes down unless a customer complains they wouldn't check in the matter at all. If they use the internet and it goes down : oh well might be <insert Isp name here> that went down again...

Is it illegal ? yup it is

Is it moraly wrong ? yes sorta...

If the wirless network is "opened" (as in not secured) does it give the right to go in and leech the bandwidth ? Because the front door of your neighbour's condo is opened it doesn't give you the right to get in and serve yourself in the fridge isn't it ?

But in the mean time with the actual situation : 99% of networks so securely unsecured, most staff largely not competent to deal with network administration. The bad guys who sneak about and steal bandwidth are still on the safe side (of being caught), really...

But that's not all, it's like what my English professor used to tell me a long time ago : if you have to cheat, you have to be very intelligent and if you are intelligent... you don't need to cheat ! and true it is for wireless connections, cause say you get your way in a network wich is badly secured : Opened, WEP, or Mac adress filtered (WPA would be a little more difficult as mainly bruteforce works with these). You are happily surfing, maybe be downloading stuff etc... but what you may not know, in case of Wireless, someone wich is not part of your network can still sniff out all the traffic and know what you've been doing...

hopefully https will come to your rescue for your banking needs, but if someone can sniff the traffic without being in your network, he can do nasty things like packet redirecting, you think you connect to your bank but actually it's a page not so far in your neighbourhood, dns poisoning... and the list goes on... so safe ? not are you...

What i just gave is an example and its counter example : You maybe safe of doing your happy bandwith stealing from the hotel you are connected to, but you are likely not to be really safe with the bad guy next door !

Now that we dealt with what you ought not to DO, what you can do to secure your own home private network, is to do multi securing : first use WPA (and preferably WPA2) as a mean to encrypt your data (wpa and wpa2 are resistant to sniffing outside your network and is "weak" only to bruteforce or dictionnay attacks etc) then if you want to add more security, add some mac address filtering, mac address filtering won't protect you "as is" (and people who think that are in the wrong one could hack their so called network protected by mac filtering in 10s) but with WPA/2 it will stop a lot of people, disable DHCP (and thus only use manual tcp/ip configuration in your network), disable SSID broadcasting your network won't be "seen" to unsuspecting wanabe hackers, though the real one will find out the SSID. And last but not least don't use a freaking password like a phone number/birthdate or the name of your girlfriend...

Now with that you are assured that for sometimes you won't get any problems on your network, though it will still be hackable everything is, it's just a matter of time and to discourage as much as possible the bad guys !

Hope it shed some lights in this very interesting matter that is Wireless "Security"

-Edit and changed some somewhat controversial assertion

Edited November 15, 2007 by Kyosuken

[Crushdepth]

hopefully https will come to your rescue for your banking needs, but if someone can sniff the traffic without being in your network, he can do nasty things like packet redirecting, you think you connect to your bank but actually it's a page not so far in your neighbourhood, dns poisoning... and the list goes on... so safe ? not are you...

The padlock icon in your browser simply means that you are connected to an encrypted site. It doesn't tell you *which* encrypted site you are connecting to (although some browsers now display the name next to the padlock). However, if people click on the padlock and take the trouble to look at the certificate they can see if it matches or not. If it does match, connection is ok and can be confident that it is not a fake site and that they have not been sneakily redirected.

But if the name on the certificate doesn't match the website, don't use it, and don't take the padlock icon for granted - doesnt mean anything unless you verify the identity of the site on the certificate!