• Avid Amoeba
    38
    12 hours ago

    Yup. You can grab any unencrypted data passed between the user’s browser and a server literally out of thin air when they’re connected to an open access point. You sit happily at the Starbucks with your laptop, sniffing them WiFi packets and grabbing things off of them.

    Oh and you have no idea what the myriad of apps you’re using are connecting to and whether that endpoint is encrypted. Do not underestimate the ability of firms to produce software at the absolute lowest cost with corners and walls missing.

    If I was someone who was to make money off of scamming people, one thing I’d have tried to do is to rig portable sniffers at public locations with large foot traffic and open WiFi like train stations, airports, etc. Throw em around then filter for interesting stuff. Oh here’s some personal info. Oh there’s a session token for some app. Let me see what else I can get from that app for that person.

    • @asdfasdfasdf@lemmy.world
      4
      5 hours ago

      We need a switch like Firefox has that disallows anything non-HTTPS, but from the phone level. Companies like Apple and Google could also eventually warn apps that they’re going to make it the default setting.

      • Avid Amoeba
        126 minutes ago

        Apps don’t use the system browser to connect to REST endpoints. Neither do they use the OS. Apps typically use a statically linked library. There are use cases for HTTP-only connections so it’s unlikely that those libraries would mess with forcing or even warning its users that they’ve used HTTP instead of HTTPS. Point is Google and Apple can do little in this regard. Unless they scan apps’ source code which could be possible to some extent but still difficult because URLs are often written in pieces.
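
Added example, not part of the thread: on Android, whether an app may send plain HTTP is declared in its manifest and network security config, so an audit can read those two files instead of searching the code for URLs. The sketch assumes both files have been decoded to text XML; the sample inputs are constructed and `cleartext_scopes` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs, not taken from any real app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="27"/>
  <application android:networkSecurityConfig="@xml/nsc"/>
</manifest>"""
NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""


def cleartext_scopes(manifest_xml, nsc_xml=None):
    """Return where plain HTTP is allowed: "*" for everywhere, else domain names."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    default = target <= 27  # platform default: cleartext allowed up to API 27
    app = root.find("application")
    flag = app.get(ANDROID + "usesCleartextTraffic") if app is not None else None
    if nsc_xml is None:
        # No config file: the manifest flag, or else the platform default, decides.
        return ["*"] if (default if flag is None else flag == "true") else []

    # With a config present the manifest flag is ignored (Android 7.0 and later).
    cfg = ET.fromstring(nsc_xml)
    base = cfg.find("base-config")
    val = base.get("cleartextTrafficPermitted") if base is not None else None
    base_ok = default if val is None else val == "true"
    scopes = ["*"] if base_ok else []

    def walk(node, inherited):
        # domain-config may nest; an unset attribute inherits from the parent.
        for dc in node.findall("domain-config"):
            v = dc.get("cleartextTrafficPermitted")
            ok = inherited if v is None else v == "true"
            if ok and not base_ok:
                scopes.extend((d.text or "").strip() for d in dc.findall("domain"))
            walk(dc, ok)

    walk(cfg, base_ok)
    return scopes


if __name__ == "__main__":
    print(cleartext_scopes(MANIFEST, NSC))
```

An empty result means the declared policy blocks cleartext everywhere; it says nothing about traffic sent by code that bypasses the platform's policy check.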

      • Avid Amoeba
        1
        22 minutes ago

        Oh nice. Just gotta dress em up like Unifi or Aruba then stick em up on the ceiling.

        • @sudneo@lemm.ee
          112 minutes ago

          Yep, my partner gave one for my birthday, it’s basically plug-and-play. It can automatically harvest credentials, spoof captive portals, etc. I bet that in most places nobody would question something like this hanging on the ceiling indeed.