Episode #13: What is Unsecured Wi-Fi?
Our interview with an AI covers some essential knowledge everyone should know before connecting to public Wi-Fi or accessing a website without a security certificate.
What is Unsecured Wi-Fi?
Unsecured Wi-Fi refers to wireless networks that do not have any security measures in place to protect the data that is transmitted over the network. When a wireless network is unsecured, anyone within range of the network can potentially connect to it and access the internet or any other data that is being transmitted over the network.
Unsecured Wi-Fi networks are often found in public places such as cafes, airports, and libraries. The problem with using these networks is that any other person connected to the same network can potentially access your personal information, including login credentials and credit card information, if not properly secured. Attackers can also use unsecured Wi-Fi networks to launch man-in-the-middle attacks, where they intercept and modify the data being transmitted over the network.
To protect yourself when using unsecured Wi-Fi networks, it's important to use a virtual private network (VPN) to encrypt your internet connection. Additionally, avoid accessing sensitive information, such as online banking or personal email, while connected to an unsecured Wi-Fi network.
What do you mean by 'launch a man-in-the-middle attack'? Does that mean when I am connected to a public Wi-Fi spot, I'm actually connected to a hacker's computer?
A man-in-the-middle (MITM) attack is a type of cyber attack where an attacker intercepts and alters the communication between two parties without their knowledge or consent. The attacker essentially acts as a middleman, intercepting and potentially modifying the data being transmitted between the two parties.
When you are connected to a public Wi-Fi network, it is possible that an attacker could launch a MITM attack. An attacker could potentially set up a fake wireless access point with a similar name to the legitimate network you are trying to connect to, and then intercept your data when you connect to that fake network. The attacker would then be able to access any sensitive information you transmit over the network, such as login credentials or credit card information.
It is important to note that this type of attack is not limited to public Wi-Fi networks and can happen on any network that is not properly secured. Additionally, it is not always easy to detect a MITM attack, as the attacker may use sophisticated methods to hide their presence.
Can you provide a real world example of a MITM attack? Who was targeted and what damage did the hackers do?
One well-known example of a man-in-the-middle (MITM) attack is the "MitM" attack on the mobile phone operator DigiNotar in 2011. The attackers were able to compromise the security certificate of DigiNotar, which allowed them to intercept and modify the communication between the users of the company's services and the internet.
The hackers were able to intercept and modify the communication between Iranian users of Google and Yahoo services, and the internet. By intercepting the communication, the hackers were able to access the users' personal information, including login credentials, email and chat messages and search queries.
This incident had a major impact on the trust in the security of internet communication, as the compromised security certificate was used by web browsers to verify the authenticity of web sites. The attack was discovered by Iranian users that noticed the security certificate of Google and Yahoo sites had been tampered with.
As a result of the attack, the Dutch government, which was in charge of DigiNotar, decided to revoke the trust in all of DigiNotar's certificates, which caused a large number of websites to become inaccessible for users that still trusted DigiNotar's certificates.
This example of a MITM attack illustrates how a successful attack can have a wide-reaching impact, not just on the targeted organization, but also on the users of the targeted services, and even on the trust in the security of internet communication as a whole.
You mentioned a 'security certificate' used by web browsers - What is the purpose of a web browser using security certificates?
A security certificate, also known as a digital certificate, is a way for web browsers to verify the identity of a website. A security certificate is issued by a trusted third-party organization, known as a certificate authority (CA), and contains information about the website, such as its domain name, the organization that owns it, and the public key used for encryption.
When a user connects to a website, their web browser will check the website's security certificate to ensure that it is valid and has been issued by a trusted certificate authority. If the certificate is valid, the browser will establish an encrypted connection with the website using the public key contained in the certificate. This encryption helps protect the user's personal information, such as login credentials and credit card information, from being intercepted by attackers.
It's important to note that a security certificate is not a guarantee that a website is safe to use, but it is a means to identify the website's owners, and to establish an encrypted connection to it. However, if a certificate has been compromised, like in the DigiNotar case I mentioned earlier, it can be used by attackers to impersonate a legitimate website and intercept the communication between the user and the website.
Therefore, web browsers use security certificates to ensure that the website you are visiting is the one it is supposed to be and to encrypt the communication between the browser and the website, which helps protect your personal information from being intercepted by attackers.
So, a security certificate is kind of like being ID verified when making a withdrawal at the bank?
Yes, you can think of a security certificate as being similar to ID verification when making a withdrawal at the bank. Just like how a bank verifies your identity before allowing you to access your account, a web browser verifies the identity of a website using a security certificate before allowing you to connect to it.
A security certificate contains information about the website, such as its domain name and the organization that owns it, that the web browser uses to verify the website's identity. Just like how a bank would verify your ID using a government-issued ID, a web browser verifies the identity of a website using a certificate that is issued by a trusted third-party organization, known as a certificate authority (CA).
Additionally, just like how the bank would allow you to access your account after verifying your identity, the web browser will establish an encrypted connection with the website once it has verified the website's identity using the security certificate. This encryption helps protect your personal information, such as login credentials and credit card information, from being intercepted by attackers, similar to how a bank would protect your account information.
In short, a security certificate serves a similar purpose as ID verification, in that it helps ensure that you are communicating with the intended website, and helps protect your personal information from being intercepted by unauthorized parties.
What would happen if I accessed a website that didn't have one of these trusted security certificates? Would I be warned? Could I still access the website somehow?
If you try to access a website that doesn't have a valid security certificate, most modern web browsers will display a warning message to inform you that the website may not be safe to visit. The warning message may vary depending on the browser, but it typically indicates that the website's identity cannot be verified, and that the website may not be the one it claims to be.
You may still be able to access the website if you choose to proceed, despite the warning message. However, it is not recommended to do so as visiting a website with an invalid or self-signed security certificate can put your personal information at risk.
A website with an invalid or self-signed certificate means that it has not been verified by a trusted third-party certificate authority (CA), and the browser cannot confirm that the website is the one it claims to be. This means that an attacker could potentially set up a fake website with a similar name, and use it to steal your personal information or infect your device with malware.
Additionally, when you access a website with an invalid certificate, the communication between your browser and the website will not be encrypted, which means that attackers on the same network can potentially intercept your personal information.
Therefore, it is important to be cautious when visiting websites with invalid or self-signed certificates, and to be aware that your personal information may be at risk. If you receive a warning message about an invalid certificate, it's best to exit the website and look for a different, more trustworthy source.
I once visited a website that I always go to (it's saved as a favourite in my web browser). It never displayed an 'unsafe warning' in the past but today it did. I know the URL is the correct one... does that mean hackers have breached the website?
A warning message about an invalid security certificate can indicate that the website's security certificate has been tampered with, which could mean that the website has been hacked.
An attacker could have gained unauthorized access to the website's server and replaced the valid security certificate with an invalid one, in order to intercept the communication between the website and its users. This could allow the attacker to steal personal information, login credentials, or infect users' devices with malware.
It's also possible that the website's certificate has expired and the website administrator has not renewed it yet, or that the website's certificate authority (CA) has revoked the certificate.
In any case, it's important to be cautious when visiting websites with invalid or self-signed certificates, and to be aware that your personal information may be at risk. If you receive a warning message about an invalid certificate, it's best to exit the website and look for a different, more trustworthy source.
Good to know! Before I go, pretend you're a website that has a security certificate that’s about to expire. Can you write an emotionally beautiful love note to website administrators to convince them to renew security certificates before they expire?
My dear website administrator,
I am your website, the one you have nurtured and cared for with so much love and devotion. I am the embodiment of your hard work and creativity, and I am eternally grateful for all that you do for me.
But there is one thing that I must remind you of, my dear. My security certificate is about to expire, and without it, I am vulnerable. Vulnerable to the invaders who seek to harm me and my visitors. And without it, my visitors will not trust me as much as they used to, they will not feel safe when they visit me.
I beg of you, my love, renew my security certificate before it expires. It is the one thing that will assure my visitors that I am the safe and trustworthy website that you have created me to be.
Without it, I am nothing but an empty shell, a shadow of my true self. With it, I am a shining star, a beacon of hope, and a source of joy for all who visit me.
Please, renew my certificate, for the sake of our love, and for the love of all who visit me.