
Ask HN: Is Public WiFi Dangerous?
by JaceLightning on Hacker News.
I know there are several attack vectors on public Wifi, but these days are they mostly mitigated?
– Man-in-the-middle attacks: thwarted by certificate authority checking by the browser and/or certificate pinning in mobile apps. Browser will not let you advance if the certificate is invalid.
– Replay attacks: OAuth tokens expire and good sites will use nonces.
– Packet sniffing on open networks: thwarted by TLS over HTTP and encrypted traffic (unless you have a root certificate installed).
– DNS lookups are somewhat plaintext, but have now started to be done over HTTPS. Even then, attackers would know what you’re connected to, but not what you are saying.
– Port scanning/direct attacks: Firewalls by default lock down ports and well-patched machines prevent this.
– Email (SMTP) and other protocols: are all encrypted as well to prevent snooping.
Is using public Wifi actually dangerous? If so, what’s the attack vector?
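The replay-attack bullet in the post above, as an added example that is not part of the original post: a server-side check that combines a freshness window with a nonce cache, so a captured request is rejected when it is sent again. The HMAC request-signing scheme, all names, the demo key and the 300-second window are assumptions for illustration; this is not OAuth itself.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 300  # assumed freshness window


def sign(key: bytes, method: str, path: str, timestamp: int, nonce: str) -> str:
    """Client side: bind method, path, timestamp and nonce into one MAC."""
    msg = "\n".join([method, path, str(timestamp), nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accept each signed request once, and only while fresh."""

    def __init__(self, key: bytes, max_age: int = MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp it was signed with

    def verify(self, method, path, timestamp, nonce, signature, now=None) -> str:
        now = int(time.time()) if now is None else now
        expected = sign(self.key, method, path, timestamp, nonce)
        # Constant-time comparison; any tampered field changes the MAC.
        if not hmac.compare_digest(expected, signature):
            return "bad-signature"
        if abs(now - timestamp) > self.max_age:
            return "expired"
        # Nonces outside the window can be dropped: a replay of them
        # would already fail the freshness check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_age}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = timestamp
        return "ok"


def demo():
    key = b"constructed-demo-key"  # constructed sample value
    guard = ReplayGuard(key)
    t0 = 1_700_000_000             # constructed timestamp
    sig = sign(key, "POST", "/transfer", t0, "n-1")
    return [
        guard.verify("POST", "/transfer", t0, "n-1", sig, now=t0 + 1),
        guard.verify("POST", "/transfer", t0, "n-1", sig, now=t0 + 2),
        guard.verify("POST", "/transfer", t0, "n-1", sig, now=t0 + 301),
        guard.verify("POST", "/refund", t0, "n-1", sig, now=t0 + 1),
    ]
```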
