Assuming the attacker can read all the traffic (he cracked my WPA2, for example), is there still something he can do if I'm only connecting through TLS and similar protocols?
If I only connect through encrypted protocols like TLS, is there still a risk over an insecure wifi?
-
TLS is not an end-to-end protocol. Once you realise that, then you can see what else can be done. – schroeder Feb 05 '22 at 14:20
-
Are you talking about the fact that it doesn't necessarily authenticate the client? It's true, but if I'm only using it to browse the web (including sending sensitive data), is there still a security risk that justifies paying for a VPN? – hehehe Feb 05 '22 at 14:26
-
No, I'm not talking about client authentication. I'm talking about TLS interception. – schroeder Feb 05 '22 at 14:26
-
TLS exists to securely transfer data over untrusted networks. But you've presented an unbounded risk context. If you are only talking about an untrusted node on the network reading your traffic, then TLS is fine. But that's just for that one risk. – schroeder Feb 05 '22 at 14:30
-
I think what Schroeder is saying (correct me if I'm wrong) is that when assuming an attacker can read all traffic, he already found a way inside your network, meaning there are tons of other things the attacker could have done already to compromise your machine (perhaps he installed a keylogger, for instance, in which case encryption will evidently fail) – Brakke Baviaan Feb 05 '22 at 15:00
-
Related: https://security.stackexchange.com/questions/257226/are-tls-v1-3-connections-over-open-wi-fi-secure/ – nobody Feb 05 '22 at 16:41
-
@schroeder I don't quite understand your initial statement. How is TLS not end-to-end encryption between the client and the server? – nobody Feb 05 '22 at 16:50
-
@nobody Like I said: TLS breaking, interception, etc. And then load balancing, TLS terminators, etc. Lots and lots of opportunities to get in the middle legitimately. – schroeder Feb 05 '22 at 19:13
-
OP, @schroeder makes a valid point above. But, bear in mind that any of these opportunities to get in the middle that he describes would require the attacker to have a certificate for the site that you are visiting, signed by a CA that your browser trusts. – mti2935 Feb 05 '22 at 20:48
-
@mti2935 my comment is in reference to the original version of the question and an explanation of my edits. – schroeder Feb 05 '22 at 21:56
3 Answers
TLS guarantees three properties of the data exchanged inside the connection: confidentiality, authenticity and integrity. This is all under the assumption that the endpoints and the public-key infrastructure are secure: here we're only concerned about attacks on the network (eavesdropper, man-in-the-middle).
- Confidentiality means that an adversary can't learn what data is exchanged over the connection, only its size and the time at which it is exchanged.
- Authenticity means that you can be sure that your machine is connecting to the expected server.
- Integrity means that an adversary can't alter or modify the data exchanged over the connection. (Not even by replaying an old, unmodified connection.)
The main limitation is that an adversary can change and modify data that isn't exchanged over TLS. This includes non-TLS links that you might accidentally follow. This also includes server names: DNS is mostly not encrypted. An adversary can't trick you into connecting to the wrong server by modifying DNS traffic (if it tries, TLS's protection will prevent your browser from connecting to the wrong server), but they can learn which server you're connecting to. (Just the server name, not the full URL.)
These days, most of the web uses HTTPS, so the main advantage of a secure wifi is that DNS gets encrypted. Note that secure wifi doesn't just mean encrypted wifi: encrypted wifi provided by someone you don't trust is no better than non-encrypted wifi.
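The two plaintext parts of an HTTPS visit that the answer above describes (the DNS query name and, before any key is agreed, the server name in the TLS ClientHello) can be pulled out of the raw packets by anyone on the Wi-Fi. The script below is an added example, not code from the answerer; it constructs a DNS query and a ClientHello in memory for the hypothetical host `bank.example.com`, then parses the name back out of each the way a passive sniffer would. The URL path and query string never appear in either packet, which is exactly the "just the server name, not the full URL" point.

```python
"""
What a passive listener on the Wi-Fi still learns from HTTPS-only browsing:
the DNS question (plaintext UDP/53) and the TLS Server Name Indication, which
the client sends in the clear in the ClientHello before any key exists.
The HTTP path, headers and body are inside the encrypted record layer and
never appear.  Both packets are constructed here; nothing is sent on the wire.
"""
import os
import struct
from typing import Optional


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A query for `name` (header + one question, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_dns_qname(pkt: bytes) -> str:
    """Return the name in the first question of a DNS packet."""
    off, labels = 12, []
    while True:
        ln = pkt[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:  # compression pointers never appear in a query's QNAME
            raise ValueError("unexpected compression pointer in question")
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels)


def build_client_hello(sni: str) -> bytes:
    """TLS 1.2/1.3-style ClientHello record carrying a server_name extension."""
    host = sni.encode("ascii")
    server_name = struct.pack("!BH", 0, len(host)) + host      # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", 0x0000, len(server_name) + 2, len(server_name)) + server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03" + os.urandom(32)                          # legacy_version, random
        + b"\x00"                                             # empty session_id
        + struct.pack("!H", 4) + b"\x13\x01\x13\x02"          # two TLS 1.3 cipher suites
        + b"\x01\x00"                                         # one compression method: null
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello record, or None if there is none."""
    if len(record) < 6 or record[0] != 0x16:   # not a handshake record (0x17 = app data)
        return None
    hs = record[5:]
    if hs[0] != 0x01:                          # not a ClientHello
        return None
    off = 4 + 2 + 32                           # type+length, legacy_version, random
    off += 1 + hs[off]                         # session_id
    off += 2 + struct.unpack_from("!H", hs, off)[0]   # cipher_suites
    off += 1 + hs[off]                         # compression_methods
    if off + 2 > len(hs):                      # no extensions at all (ancient client)
        return None
    end = off + 2 + struct.unpack_from("!H", hs, off)[0]
    off += 2
    while off + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hs, off)
        off += 4
        if etype == 0x0000:                    # server_name extension
            p, stop = off + 2, off + elen      # skip 2-byte server_name_list length
            while p + 3 <= stop:
                ntype, nlen = struct.unpack_from("!BH", hs, p)
                p += 3
                if ntype == 0:
                    return hs[p:p + nlen].decode("ascii")
                p += nlen
        off += elen
    return None


def what_the_eavesdropper_sees(dns_pkt: bytes, tls_record: bytes) -> dict:
    """Everything recoverable from the two plaintext parts of an HTTPS visit."""
    return {"dns_query": parse_dns_qname(dns_pkt), "tls_sni": extract_sni(tls_record)}


if __name__ == "__main__":
    # Constructed traffic for a hypothetical visit to https://bank.example.com/transfer?amount=1000
    dns = build_dns_query("bank.example.com")
    hello = build_client_hello("bank.example.com")
    print(what_the_eavesdropper_sees(dns, hello))   # the path and query string never appear
```

Run it with no arguments: the printed dictionary contains the host name twice (once from DNS, once from SNI) and nothing else. DNS over HTTPS/TLS closes the first leak and Encrypted Client Hello the second; until both are in place, a VPN or a trusted network only moves the point at which this metadata becomes visible.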
Generally, TLS is secure against active and passive adversaries. However, some details need to be considered:
- TLS version
- Your system time
- Your DNS
- Your system's (or browser) CA certificates
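The four items in the answer above map directly onto settings a client has to get right. As an added example (my code, not the answerer's), the script below builds a verifying Python `ssl` client context next to the "just make it work" one that disables verification, audits both for the version floor, chain verification, hostname check and CA store, and shows how the system clock enters: certificate validity is judged against local time, so a clock that is years off rejects a good certificate or accepts an expired one. The certificate validity window is constructed for the example.

```python
"""
Audit helpers for the four items above, applied to Python's ssl module.
The context settings map onto the list: a TLS version floor, the CA store and
chain verification, and hostname checking.  The clock enters through
certificate validity: the library compares notBefore/notAfter against local
time, so a wrong system clock rejects good certificates or accepts expired ones.
"""
import calendar
import ssl
from typing import Dict


def hardened_client_context() -> ssl.SSLContext:
    """Verifying client: CERT_REQUIRED, hostname check, platform CA store, TLS >= 1.2."""
    ctx = ssl.create_default_context()        # loads the platform CA certificates
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The 'it works now' settings seen in far too many scripts: no verification at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE           # any certificate, including an attacker's, is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED   # no version floor: whatever the build allows
    return ctx


def audit_context(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Report the answer's checklist for a context; ca_certs_loaded is informational."""
    return {
        "tls_floor_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "ca_certs_loaded": ctx.cert_store_stats()["x509_ca"],
    }


def utc_seconds(year: int, month: int, day: int) -> int:
    """Seconds since the epoch for midnight UTC on the given date."""
    return calendar.timegm((year, month, day, 0, 0, 0))


# Constructed validity window, in the string format ssl.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "bank.example.com"),),),
    "notBefore": "Mar 15 00:00:00 2022 GMT",
    "notAfter": "Jun 13 23:59:59 2022 GMT",
}


def cert_valid_at(cert: dict, now: float) -> bool:
    """The validity-period test the TLS library performs with *its* idea of the time."""
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("weak:    ", audit_context(weak_client_context()))
    # Same certificate, three clocks: correct, ten years slow, one year fast.
    for label, y in (("correct clock", 2022), ("clock 10y slow", 2012), ("clock 1y fast", 2023)):
        print(label, "-> valid" if cert_valid_at(SAMPLE_CERT, utc_seconds(y, 4, 1)) else "-> rejected")
```

If `ca_certs_loaded` prints 0 for the hardened context, the host has no CA bundle installed (or `SSL_CERT_FILE` points at the wrong place); in that state every verified handshake fails, and the tempting fix of switching to `CERT_NONE` is precisely how the weak context comes about.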
There is always something an attacker can do. Absolute security does not exist. Regarding your specific question, and leaving aside the vague notion "similar protocols", there are various types of attacks against TLS secured connections. Their chances of success depend on many other circumstances besides an attacker's access to your WiFi network, such as:
- software vulnerabilities on your client system
- vulnerabilities of other systems in your network, most importantly your router
- your security awareness and attention
- diligence of those who operate the systems you are connecting to
Just one example to illustrate: If you receive an email saying "This is an important message from Your Bank. For security reasons please download and install our newest security program immediately by clicking on this link." and you unthinkingly follow those instructions then neither WPA3 nor TLS will save you.