Apr 16, 2014

What can someone potentially see when you use unsecured public WiFi?

I understand that using unsecured public WiFi is a security risk, and if I’m not using a VPN, someone can “eavesdrop” on my activity. What I don’t know is what could they actually see? Could they just mirror my activity on their laptop and watch in real time what I’m doing, or is it more like you might see in a Hollywood movie, with pages of code streaming quickly down the screen (preferably green text on a black background for max cliche).

If you're neighbor has let you use their wi fi network in your home, can they see everything you've been searching and downloading?
Here's what an eavesdropper sees when you use an unsecured Wi-Fi hotspot

" You’ve probably read at least one story with warnings about using unsecure public Wi-Fi hotspots, so you know that eavesdroppers can capture information traveling over those networks. But nothing gets the point across as effectively as seeing the snooping in action. So I parked myself at my local coffee shop the other day to soak up the airwaves and see what I could see.

My intent wasn't to hack anyone's computer or device—that's illegal—but just to listen. It’s similar to listening in on someone’s CB or walkie-talkie radio conversation. Like CBs and walkie-talkies, Wi-Fi networks operate on public airwaves that anyone nearby can tune into.

As you'll see, it’s relatively easy to capture sensitive communication at the vast majority of public hotspots—locations like cafes, restaurants, airports, hotels, and other public places. You can snag emails, passwords, and unencrypted instant messages, and you can hijack unsecured logins to popular websites. Fortunately, ways exist to protect your online activity while you’re out-and-about with your laptop, tablet, and other Wi-Fi gadgets. I'll touch on those, too. "

It mostly depends on the type of attack. for example, a free program like tcpdump can be used to capture all of the data sent over the wireless connection, including both traffic to or from your computer. Thus, any unencrypted internet traffic to/from your computer can be transparently viewed, either at the time or later. In the simplest case, this includes every website you visit, but if the websites don't use HTTPS, this can include passwords and usernames. Also some tools like nmap can be used to quietly scan a machine for any services you may have left open, and can then be used to attempt to break into them. In particular, remote desktop and screen sharing allow for simple visual observation of all behaviour on your machine.
On an open wireless network,Unpatched exploits are worse as an attacker can run arbitrary code on your machine. Most commonly, this will involve installing some piece of spyware, such as a keylogger to records keystrokes made on a computer.


Just to add to what Adam already said, there was an article on PCworld last year where the author checked to see what he could see by snooping over public WiFi. Short answer: A LOT! It might be worth a read if you have time. 



If they're on unencrypted wifi, going to non-ssl (https) sites, then they can basically see everything you're seeing. Not even close to the movie cliches. It's more like a window with a list of clickable "caches", that would then open up to the page you went to/are currently on. This in itself isn't that threatening. They won't be able to see info you type into a page unless it's a "post" and gets saved to the website database for frontend visibility.


Ever hear of Firesheep? Made a bit of news back in 2010. Here's an article that'll give you a brief description of the type of "can of worms" Firesheep opened up, as well as its predecessor, Cookie Cadger.


The biggest threat with these programs, in my opinion, is not the program itself, but the ability to use these programs to watch someones habbits (like which websites they normally go to) for a day or two and pick a non-ssl site to set up a man-in-the-middle attack.

Answer this