Has anyone come across ACTUAL reports on mishaps when using one's own laptop/tablet to connect with banking or other HTTPS sites using free Wifi? I am thinking this is actually quite safe -- so long as user is satisfied that there is no keylogger (hardware or software) implanted in his or her laptop / tablet.
Banking on Free Wifi(20 posts)
I know one can always add layers of safety... my question is whether there are any objective reports of actual mishaps with accessing https type websites using free WiFi. My suspicion is "no" -- but that's the reason for posting this question.
I've never had a problem. However, I also was certain of the safety of the WiFi. Often unscrupulous people will set up their own network at public locations, such as airports, disguised as a legitimate location. If you log onto one of those, the lowlife will have full access to every keystroke you make on your computer. In those situations, even HTTPS won't protect you (I've heard of it happening and saw a demo on TV news to show how it can happen). The safest free WiFi locations are ones where one has to have a password to access it, such as many libraries, motel/hotels, etc.
Say I fall prey to an unscrupulous network -- which then gets a full record of my communication. Will any such network be able to receive my naked keystrokes -- or just encrypted jibberish? I thought only the owner of the particular https site I visit will have the key to decode?
I have read about "man in the middle" attacks / hijacks. But doesn't that require a keylogger -- be it hardware or software -- to intercept data -- after each keystroke, but before browser encryption?
I would discuss the situation with my bank and find out what liabilities I would incur if something should go wrong.
If the bank's policy is SOL, then I would bank with another bank that would protect me against unintended losses.
NO bank will ever say "sure, https is breakable, go online anytime and anywhere you like". The bank customer rep will simply repeat "best practices".
I am trying to tease out the hype from the reality. One way to do this is by searching out reports of actual mishaps.
Story of a Hacker who did it. Is It Safe To Bank On Public Wi-Fi? How Not To Get Hacked! Read down to "How did he hack my connection?" where it tells of him actually doing it.
It's not the HTTPS that gets busted, it's the fact that with an unsecured connection a hacker an get into your computer and place a keylogger or similar device. Then read your un-encrypted keys.
Thanks for the link.... I just read it and would like to develop it further. Per the article:
1. The author gave her friend an "OK" to conduct a Wifi snooping experiment.
2. The author then connects to the public Wifi and logs onto her bank via https.
3. The friend captures her log in ID and password!
A. The friend actually set up a "rogue" Wifi network beforehand.
B. The friend also set up a "look alike" bank page beforehand.
I am thinking that in a realistic situation...
1. A "rogue" Wifi network can indeed be set up, but
2. It would be hard to fool me with a fake bank page because mine has an individualized picture. Most banking sites have two different webpages for users to log through -- with second one individualized.
But the article is invaluable -- as it goes to show that people (me) can indeed fall for, say, a lookalike Google or Facebook sign-in page, not suspecting anything different -- and expose their ID's and passwords -- because these sites don't have individualized password pages!
My Bank does protect me so don't advise me since you don't know what you're speaking about.
It appears from your postings that you are always "spoiling for a fight" or trying to do "one ups man ship".
I'll stay off Your Topics if You Stay off of mine.
It's not data being transmitted via HTTPS that's in danger of being intercepted. Logging onto a bogus network gives the person who set up the network the opportunity to see all your keystrokes, sometimes by keylogger but more often by viewing directly. They can even invade your computer and either access all your data or install spyware.
LF (and others):
Thanks. I ask the question because I travel for 2 to 4 months out of the year each year. And sometimes, it's necessary to access a bank site in that long of a time frame.
Probably no one single "fail safe" way -- but how can users distinguish between genuine versus rogue Wifi hotspots?
When you ask for actual reports, are you looking for those that have been compromised? If they have most won't tell I think they don't want it to happen again. Anything can be hacked have a read here. http://www.bbc.co.uk/news/technology-12901041
If worried about using free Wifi for important projects just don't do it. No one can guarantee complete safety. It's only safe till someone hacks it.
Compare and contrast reports of systems and websites break in's -- versus banking mishaps from Wifi use. Seems like the former is 'daily' while the latter -- dare I say, close to nonexistent? Of course, there are risks... but even Xhi's linked article was a staged one for warning purpose.
NOT that I would do it again (or recommend anyone to do it) -- but in a 7-month trip back in 2009 -- before iPads and all -- I used computers in internet cafes all through Belarus, Ukraine, Russia and China. And my bank accounts didn't get drained. I didn't even notice any uptick on spam. Now that I have my own tablet (vs. relying on public computers) -- it should be quantum leaps safer -- but is that enough??? Subjective and impossible to answer -- thus, the request for actual reports.
@ ReadandShare. Go back and reread my post where I said I saw a demo of it actually being done. Xhi's link is the demo I saw on TV.
Also, check the results of this Google search. There are plenty of references saying it has happened.
Frankly, I agree somewhat with Rick. You are starting to come off like a troll.
Thanks for the link, and I will ignore the last sentence in your post.
I'd like to develop this more... is it safe to use public WIFi if I connect via VPN using my own Android tablet? We'll assume my tablet is free of keylogging software.
This topic has been closed to new replies.