Serious Discussion Vulnerable network vs encrypted protocols

Tiamati

Level 12
Thread author
Verified
Top Poster
Well-known
Nov 8, 2016
574
Hey guys!

I'd like to know how https protocol, DNS over TSL/Https, and point to point encryption (like whatsapp) impact security in vulnerable network (such as public wifi). Is it possible to have access to sensitive information (like password, credit card, browser history...) if you are using those protocols? Man in the middle attacks and others exploits may have access to all kind of information even in that case?
 

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
424
If your browser has a security vulnerability, then it doesn't matter what secure protocol you are using. A hacked or evil web site can still attack your browser and you may lose sensitive data. Your sensitive data is just being transferred to the hacked or evil web site using secure protocols. What secure protocols do successfully guard against is someone grabbing network traffic in a public WiFi scenario. The attacker will see garbage.
 
Last edited:
  • Thanks
Reactions: Tiamati

Tiamati

Level 12
Thread author
Verified
Top Poster
Well-known
Nov 8, 2016
574
ty!

So, with most websites and apps using secure protocols at the moment, there is any real reason to use VPN on public wifi? I know there are some apps/websites that may still use http or unsafe protocols, but any site or app using sensitive content are already covered (or should be at least). For example: bank apps, e-commerce, social media, backup apps. So, what is the point of encrypt all you connection, for security purpose, if everything that matters is already protected?
 
A

Azazel

In a home wifi or public wifi, your phone is exposed by open ports. An adversary can directly probe your devices for vulnerabilities and pentest you. There is no authorization or authentication for Lan and public networks and devices are explicitly trusted. There are protocols like UPnP that automatically broadcast your device through the network and make automatic connections. Websites that use https, protects your connection to that website but not your device especially if not up-to-date.
Example see Wannacry and how it broabacates through networks using wormlike behavior exploiting vulnerabilities in SMBv1.
 

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
424
DNS TLS provides encrypted data like the domain's ip address you are searching for. HTTPS provides encrypted content transfer between web site and you. What is still visible in plain text is ip address you are going to.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top