A Question About Public Wi-Fi

Discussion in 'iPad General Discussions' started by Knightoftheapp, May 18, 2011.

  1. Knightoftheapp

    Knightoftheapp iPad Enthusiast

    Joined:
    Apr 7, 2011
    Messages:
    401
    Thanks Received:
    12
    Trophy Points:
    18
    Location:
    Chicago
    Ratings:
    +12 / 0
    I just downloaded a wifi finder app from the app store. It shows locations for both free and paid public wifi. Is it safe to assume that public wifi that you pay for is more secure than wifi that you DO NOT pay for. Or is that just a "twilight zone" assumption on my part?
     
  2. Somerled

    Somerled iPad Junkie

    Joined:
    Mar 1, 2011
    Messages:
    522
    Thanks Received:
    25
    Trophy Points:
    28
    Location:
    Louisville, KY - USA
    Ratings:
    +26 / 0
    If there is no password to connect, it is not secure at all, no matter how much you pay.
     
  3. DontUnderstandMyIpad

    DontUnderstandMyIpad iPad Guru

    Joined:
    Jan 22, 2011
    Messages:
    3,193
    Thanks Received:
    13
    Trophy Points:
    0
    Location:
    Outside my iPad, or was it inside?
    Ratings:
    +13 / 0
    Payed Wifi and security don't necessarily go hand in hand. You don't get charged for security, but for having internet access. In general public wifi is not secure, hence the name public, regardless of whether the wifi requires you to pay.

    Now, there are two common methods used for payed internet services and it depends on the hotspot provider which one is used. Often a payed wifi network requires a password, as the network is encrypted to prevent random people from joining. Or the wifi network is unencrypted, but you have to sign in with an account. The first method does provide a little bit more security then the second one, but not by much.

    What this means is, that a wifi network, which does not ask for a password upon joining is definitely unencrypted and not safe. But you can't make the assumption that a payed wifi is secure either. A wifi network is never safe, if there is more then one user on it! Even if the wifi network is encrypted, does it not provide more security, because everyone on the same network has the same encryption key and can thus not only record all wifi traffic, but also decrypt the information. An encrypted wifi network only prevents people without the wifi key of decrypting your wifi transmitted data.

    So essentially no public wifi is safe, unless you use a vpn service to encrypt your own data again.
     
  4. rainman4tech

    rainman4tech iPF Novice

    Joined:
    Jun 14, 2010
    Messages:
    14
    Thanks Received:
    0
    Trophy Points:
    0
    Ratings:
    +0 / 0
    Public Hotspots

    I've got to disagree with the previous poster, as I understand it if the AP is configured WPA even though all users have the same password they cannot see each others traffic. WPA speck calls for the password to be hashed with the id of the client system and the key is created from that so each user has a different key.

    Steve Gibson Gibson Research Security Now Podcast #272 talking about Firesheep on page 24 of 25.
    http://www.grc.com/sn/sn-272.pdf

    Steve: Yup. Just use a simple - all you have is a simple password because, as we discussed, WPA does enforce inter-client isolation. Individual clients negotiate their own private keys with the access point, even though they're using a common password. The password gets them in, but then their sessions are individually isolated. So that provides you protection against this kind of passive eavesdropping. So it's trivial for Starbucks to fix the problem, and it'd be great if they did

    Hope this helps and more can be uncovered at Steve's site where at an earlier popcast he goes even deeper into WPA Encryption.
    Enjoy Rainman
     
  5. DontUnderstandMyIpad

    DontUnderstandMyIpad iPad Guru

    Joined:
    Jan 22, 2011
    Messages:
    3,193
    Thanks Received:
    13
    Trophy Points:
    0
    Location:
    Outside my iPad, or was it inside?
    Ratings:
    +13 / 0
    @Rainman

    You bring up some good points. On an encrypted Wifi network, normally users don't see each others traffic.

    However, my point is, that once you are on a wifi network, you can run a program to capture all traffic, even if it is encrypted and then decrypt it. It doesn't matter, that WPA is used. Once you know the wifi password, and the SSID, you can decrypt the traffic going through the wireless network.

    Now, the average user may not know how to do this, but it is enough if one person has the knowledge and let's their computer capture all traffic to decrypt it at a later time. There just is no safety on a public wifi network, not even if it is encrypted. A combination of Wireshark&TShark will decrypt the WPA encrypted traffic into plain text from anyone on the same network.

    I am not saying this is legal in any way, unless you agree to have your wifi traffic decrypted, but it is possible and should be kept in mind.

    Anyway, here is a proof-of-concept:
    Wireshark and TShark: Decrypt Sample Capture File (by Joke Snelders)
     
  6. wasabinuki

    wasabinuki iPF Noob

    Joined:
    Mar 31, 2011
    Messages:
    8
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    USA
    Ratings:
    +0 / 0
    What if you used a travel router to create a new network from the public wi-fi connection provided by Starbucks? Would that secure your connection, or would people still be able to intercept the data once it leaves your travel router and into the Starbucks network?
     

Share This Page

Search tags for this page
can public wifi ipad
,

how to browse safely on ipad public wifi

,

ipad safe on public wifi

,
is an ipad safe to connect to wifi in restaurent
,
is it safe to download apps on ipad through public wifi
,
is my ipad safe in public wifi
,

safe to enter netflix password public wifi

,

safely use ipad on public network

,
using ipad on public network
,
where is it safe to use public wifi for ipad