Here\'s an observation: My apartment offers free wifi around the social congrega
ID: 655762 • Letter: H
Question
Here's an observation: My apartment offers free wifi around the social congregation areas. It is not encrypted BUT as I have observed, each connecting device is confined to its own VLAN (based on MAC address I guess). So you really cannot fiddle with anyone else's data (or can you?)
To start surfing, the user needs to first press an acceptance button, and then only is the Internet activated. But this does not hold for google websites (search, gmail, etc.). I am wondering:
1. What is the ISP gaining by offering unrestricted access to Google?
2. Given the security params of this WiFi, is it secure to do bank transactions?
3. What kind of attacks can be pulled off here? My first impression is MITM is not an option (but please correct me).
Explanation / Answer
To answer your questions:
I would imagine that either the router is just set up that way to be convenient, and so that you can contact help if the thing isn't working. That's my theory, I really have no idea why you would do such a thing. It sounds like a bad security practice to me, but also a purposeful choice.
1. You really shouldn't be doing your bank transactions on public WiFi, period. It would be nice if this router provided you with an additional layer of security, but in reality you should be doing your banking from access point you control. What if the router itself is compromised?
2. Whenever you connect to this router, you have no idea whether you are connecting to the real router, a copy cat, or the real router after a compromise. Maybe your comfortable with the risk, but I'd rather take my chance at home.
3. Man in the middle attacks. All the attacker has to do is to masquerade as the router and let someone connect. If he can't find anybody about to connect, that's fine. He uses a deauth attack to knock everyone off the router, and impersonates it as everyone pops back on. You might not notice yourself popping on and off