0

Here's an observation: My apartment offers free wifi around the social congregation areas. It is not encrypted BUT as I have observed, each connecting device is confined to its own VLAN (based on MAC address I guess). So you really cannot fiddle with anyone else's data (or can you?)

To start surfing, the user needs to first press an acceptance button, and then only is the Internet activated. But this does not hold for google websites (search, gmail, etc.). I am wondering:

  1. What is the ISP gaining by offering unrestricted access to Google?
  2. Given the security params of this WiFi, is it secure to do bank transactions?
  3. What kind of attacks can be pulled off here? My first impression is MITM is not an option (but please correct me).
sandyp
  • 1,126
  • 1
  • 9
  • 17

1 Answers1

1

To answer your questions:

  1. I would imagine that either the router is just set up that way to be convenient, and so that you can contact help if the thing isn't working. That's my theory, I really have no idea why you would do such a thing. It sounds like a bad security practice to me, but also a purposeful choice.

  2. You really shouldn't be doing your bank transactions on public WiFi, period. It would be nice if this router provided you with an additional layer of security, but in reality you should be doing your banking from access point you control. What if the router itself is compromised?

    Whenever you connect to this router, you have no idea whether you are connecting to the real router, a copy cat, or the real router after a compromise. Maybe your comfortable with the risk, but I'd rather take my chance at home.

  3. Man in the middle attacks. All the attacker has to do is to masquerade as the router and let someone connect. If he can't find anybody about to connect, that's fine. He uses a deauth attack to knock everyone off the router, and impersonates it as everyone pops back on. You might not notice yourself popping on and off

Here is a guide (a bit dated) on how this is done. The point is that whatever the router is doing for security, you still have to connect to the darn thing, and that's when you get nailed anyway.

Some people call this one-two punch of deauth and impersonate the "evil twin" attack.

Another thing an attacker would do is simply compromise the router. This isn't as hard as it sounds - many routers have very poor security. The access points will often have weak passwords, or default passwords. Many times custom software from ISPs is of poor quality, and allows remote exploits.

Or you know what, scratch that: How about the attacker just approaches the router, opens up the case and modifies the firmware to do his bidding? No remote exploit needed there. For public WiFi, this is a very real concern.

VLAN's only protect you while your connected to the router. You still have to connect to the thing, and that's where the bad stuff happens. I almost forgot to mention that VLAN hopping is certainly a possibility here:

Why do people tell me not to use VLANs for security?

Remember:

  • Only use Access Points you trust for critical operations
  • Always use HTTPS, all the time, under all circumstances, no matter what, or else.
MrSynAckSter
  • 2,040
  • 10
  • 16
  • 1
    If you're using TLS, you're already protected from just about anything an attacker can do with the router -- TLS can protect from active network attackers. – cpast Feb 23 '15 at 23:35
  • Unless you happen to be using SSL, or TLS turns out to have a bug. Also OP didn't mention using TLS (although I suppose you could assume a bank would have a strong encryption policy) – MrSynAckSter Feb 23 '15 at 23:37