New security risk with wifi. Not secure to use wifi.

Discussion in 'Computers' started by Gromett, Jun 5, 2014.

  1. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    Sorry about the apocalyptic headline but I think this one is important for us Motorhomers more than anyone else.

    (simplified so not technically complete)

    SSL is the secure bit of the HTTP protocol, its the bit that encrypts your connection between your browser and the website you are visiting such as your bank.

    There is currently a flaw in both the client side and the server side but this flaw requires a man in the middle attack which is normally very hard to do.

    However us motorhomers would be more likely to come across this situation than most.

    Open Wifi Points which are normally safe when using SSL are no longer so.

    A hacker can set up a fake WiFi point at say McDonalds. When you connect to the wifi point he will redirect your traffic to the authentic wifi point and you won't know he is sitting in the middle of your traffic. This is trivial to do and anyone with a modicum of tech knowledge can do it.

    Prior to this SSL bug that man in the middle could not view your data as it was encrypted. However this bug means that it is now possible for them to decrypt your traffic.

    Here is the technical details.
    https://www.openssl.org/news/secadv_20140605.txt

    My recommendation.. Don't use open wifi points for any sensitive communications until this has been patched. Stick to 3G service for those things that need security. The Open SSL creators have released a patch and it is just waiting for downstream providers to patch their version and release. You then need to wait for the server owners to patch their installation. Banks should be pretty fast on this so I don't expect them to be vulnerable for long. However other sites may not be as fast to upgrade so be aware.

    PLEASE NOTE. This only applies to open access points. Your home access point should be fine as you have control over that and it is unlikely that a hacker would attempt to trick you into connecting to a fake one. However in high traffic areas such as restaurants, coffee shops and airports etc it is a target rich environment for them.

    If you are not sure if you can trust an access point for the moment don't.

    If you have any questions fire away.
     
    Last edited: Jun 5, 2014
    • Like Like x 16
  2. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    Update:

    I have been researching this bug to see if there is any mitigation I can do on my servers while I wait for the updated libraries from my upstream.

    I have found out that not many browsers use the OpenSSL implementation of the SSL protocol. Microsoft for example write their own SSL stack. Firefox on Windows uses OpenSLL so is vulnerable.
    Apple has two OS's and both are based on BSD in some way so it is possible for browsers on that platform to be using OpenSSL.

    I don't have time to go through all the possible browser/OS combinations but you may want to check your setup and if you don't have OpenSSL and your browser doesn't use OpenSSL statically linked you may be ok. I will leave this to you to find out. However if in doubt work on the basis that you are vulnerable until you know better.

    Please note this advice applies to devices as well as computers and laptops. Phone browsers, tablet browsers, netbooks, laptops and desktops.
     
    • Like Like x 1
  3. old-mo

    old-mo Funster Extra Special Life Member

    Joined:
    Oct 16, 2008
    Messages:
    12,713
    Likes Received:
    38,544
    Location:
    Dorset
    Does this apply.... to users of Dish to designated satellite users.. ?
     
  4. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    I am not sure what you mean? Do you have satellite internet? If you own the dish and modem and access this through your own wifi then no there is no issue. But you still want to upgrade as soon as it is available. If the wifi router is supplied by the satellite people ask them for a firmware upgrade if one is available.
     
  5. old-mo

    old-mo Funster Extra Special Life Member

    Joined:
    Oct 16, 2008
    Messages:
    12,713
    Likes Received:
    38,544
    Location:
    Dorset
    Thanks...... Yes I own the dish and the Modem (On Motorhome) and pay a monthly subscription to beyonds SL...

    Mo.
     
  6. LAM

    LAM Funster

    Joined:
    Apr 23, 2014
    Messages:
    380
    Likes Received:
    262
    Location:
    Wiltshire
    Inernet access ???????????

    Hi all,

    you may already be aware we are COMPLETE newbies to this MH stuff.
    My other half has a mini ipad (not sure if she knows what to do with it !!??). Like the UK, do we have internet if advertised in France ? :thumb:
     
  7. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,426
    Likes Received:
    11,100
    Location:
    Kettering
    I think the general advice for a long time has been don't do anything important i.e. banking via an open access wifi point.
     
  8. LAM

    LAM Funster

    Joined:
    Apr 23, 2014
    Messages:
    380
    Likes Received:
    262
    Location:
    Wiltshire
    Wi Fi

    Thank you Grommitt,

    I think ( + hope ) you are responding to old-mo with all that technical stuff going on !
    All I know is that my other half has a mini ipad + this will be our first time travelling to France in a rented MH and although I have researched it, like using 'aires' have not had much success in my results.
    We regularly travel to Spain and are able to utilise the internet there so thought it would be equally the same in France.
     
  9. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    ok, You should be fine. As a matter of course if it was me I would be checking for firmware upgrades to all components of the system. Satelite router/modem, wifi router etc. But not an immediate panic for you Mo.
     
    • Like Like x 1
  10. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    For accessing the internet abroad you need to ask someone else I am afraid. Perhaps a fresh thread so we don't get mixed up?

    I haven't been abroad in over 5 years now so my info is out of date sorry.:cry:
     
  11. Allanm

    Allanm Funster

    Joined:
    Jun 30, 2013
    Messages:
    3,028
    Likes Received:
    4,099
    Location:
    Cotes d'armor, France
    We never use open wifi, but do use Fon and BT wifi hotspots. I would imagine these are secure?
    Allan
     
  12. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,426
    Likes Received:
    11,100
    Location:
    Kettering
    Not particularly, no. Better than completely open but not by much.
     
  13. Welsh girl

    Welsh girl Funster Life Member

    Joined:
    Nov 7, 2009
    Messages:
    2,620
    Likes Received:
    1,232
    Location:
    living the dream.
    Thanks for the warning gromett.


    Using a private vpn like boxon is ok I hope to keep me safe?
    I use that more abroad than here as I now have all you can eat data from 3.
     
  14. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    Not really. If it is in a popular place it could be a target for MITM attack. Basically if you are not in control of the wifi router and haven't got he password stored then the risk is too high. Its a case of balancing risks. This method could even be used against you on your home router but it is unlikely you would be specifically targeted.

    Here is an example of how it is done and what.
    http://null-byte.wonderhowto.com/ho...wireless-access-point-eavesdrop-data-0147919/

    Not really. If you are going through an open wifi point they can still sit in the middle and attack your VPN's SSL layer if it uses openSSL. The only exception to this is if the VPN is configured to only use high encryption levels and fail otherwise. You then not be able to get a connection and wouldn't know why.
     
  15. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,905
    Likes Received:
    13,923
    Location:
    UK
    All the Linux distributions I have dealings with have released updated packages so servers should be updated by now for big sites.

    Just be careful on the smaller sites if you want to spend money with them or do any other sensitive stuff.
     
Loading...

Share This Page