Possible MITM attack on wifi hotspot?

Chafoin

Ok so at work I have a wifi hotspot, they ask you to auth via web proxy. In order to get it to work I had to install a certificate. One of my coworkers told me my https requests made through this proxy are compromised by this certificate that could allow the hotspot to MITM if it wanted to.

Is this real? I thought it was only for added security against eavesdropping and that the CAs included in my Firefox are the only ones trusted at all times.

If someone can enlighten me that would be great; I have basic knowledge of SSL/TLS.
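The mechanism the question turns on, shown as an added example that is not part of this thread: a browser accepts a server certificate only if it chains to a root in its trust store, so importing a hotspot's CA certificate makes that CA one of the browser's roots. The Go program below is written for this page with two constructed CAs (neither is a real CA; the names and the host "example.com" are made up for the demo). It issues a certificate for a host under the hotspot CA and validates it the way a browser would, first against a store holding only the public root, then after the hotspot CA is imported. The last field is the check a user can do by hand: the browser's certificate viewer shows the same chain, and a chain whose root is the imported CA rather than a public root means that CA signed the certificate for the site you are talking to.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed names for the two CAs in this example; neither is a real CA.
const PublicCAName, HotspotCAName = "Constructed Public Root CA", "Constructed Hotspot Proxy CA"

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newTemplate returns a certificate template for cn, valid for the next 24 hours.
func newTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// newCA builds a self-signed CA certificate plus its private key.
func newCA(name string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := newTemplate(name, serial)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// issueServerCert has ca sign a TLS server certificate for host. X.509 itself does
// not stop a CA from signing for any host; only the client's trust store decides.
func issueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, serial int64) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := newTemplate(host, serial)
	tmpl.DNSNames = []string{host}
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// chainAnchor does what a browser does on connect: validate leaf for host against
// the trust store. It returns the CommonName of the root that anchored the chain.
func chainAnchor(leaf *x509.Certificate, host string, roots *x509.CertPool) (string, error) {
	opts := x509.VerifyOptions{DNSName: host, Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	chains, err := leaf.Verify(opts)
	if err != nil {
		return "", err
	}
	return chains[0][len(chains[0])-1].Subject.CommonName, nil
}

// Outcome records how a certificate the hotspot CA issued for a host fares
// against the trust store as shipped and after that CA is imported.
type Outcome struct {
	ProxyTrustedBefore bool   // accepted with the public root only?
	ProxyTrustedAfter  bool   // accepted once the hotspot CA is imported?
	ProxyAnchor        string // root the browser would show as the chain's anchor after the import
}

// Demo issues a proxy certificate for host under the hotspot CA and checks it against both stores.
func Demo(host string) Outcome {
	publicCA, _ := newCA(PublicCAName, 1)
	hotspotCA, hotspotKey := newCA(HotspotCAName, 2)
	proxyCert := issueServerCert(hotspotCA, hotspotKey, host, 200)
	shipped := x509.NewCertPool() // trust store as shipped: the public root only
	shipped.AddCert(publicCA)
	imported := x509.NewCertPool() // trust store after the user imports the hotspot CA
	imported.AddCert(publicCA)
	imported.AddCert(hotspotCA)
	_, errBefore := chainAnchor(proxyCert, host, shipped)
	anchor, errAfter := chainAnchor(proxyCert, host, imported)
	return Outcome{ProxyTrustedBefore: errBefore == nil, ProxyTrustedAfter: errAfter == nil, ProxyAnchor: anchor}
}

func main() {
	fmt.Printf("%+v\n", Demo("example.com"))
}
```

Run it with `go run` and the proxy certificate fails against the shipped store (unknown authority) but verifies once the hotspot CA is imported, with the chain anchored at "Constructed Hotspot Proxy CA". The point for a defender is that the trust store, not the hostname, decides what is accepted: a CA the user imports can anchor a certificate for any name, which is exactly why the browser's certificate viewer, showing which root a live connection chains to, is the check worth doing on a network that asked you to import one.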
 


My knowledge is dated and perhaps a bit incomplete.

Certificates have to validate against a certificate authority. This means you have certificates stored on your device - plural. If you add a certificate, services using that same certificate authority can validate against it. It isn't some sort of catch-all.

So, a website or service using the same certificates could be considered validated. Is there a chance of there being a MITM? I suppose, but the people behind such would need to know a bunch of information and be using the same certificate authority. It doesn't blindly mean that anyone can just decrypt encrypted content that streams over that router.

Data encrypted with other certificates would still be encrypted. The certificate you're using should only be used to authenticate with the router and that's it.

Should... "You have this device. This device can exchange a matching key. You can authenticate against this router."

I think I've got it right. You might wanna wait for someone else, but I'm pretty sure that's correct. It's a key, but not a key to the kingdom - that kinda thing.
 
So the certificate I accepted is only to ensure the connection is secure between me and the hotspot? The owner can't use it to decipher my web traffic and replay my data on the website I am trying to reach?
 
So long as the traffic was otherwise encrypted, no.

However, if they installed anything else on the phone there's no telling what it can do - including monitoring the screen and collecting key presses.

The most simple solution is to only do work related things while using work related equipment - just to be sure. And, well, I'd have made them provide me with the device or pay for the device - and then maintained a second personal phone.
 
I read an article from How-To Geek a few weeks ago related to this topic:

Here's a short answer from the above link:
The upshot is that while public Wi-Fi is mostly safe, there are still a few snakes in the grass that can bite the unwary. If you have the situational awareness to make sure that you don’t accidentally wander onto a site still using HTTP—or use a browser that warns you when you access HTTP sites—then using public networks isn’t too much of a risk.
 
To be fair, if the site is http and not https, anyone able to packet sniff can read what's sent to and from the device in plain text. An additional cert isn't going to be needed.

I'm actually on the side where I feel the insistence on https is a bit absurd. So long as I'm not logging in and it's not confidential, I don't much care that you see I'm reading my local news. The https is overhead that's trivial when it's just one or two devices - but when it's billions of devices that adds up.

But, you can't have a site in plain http these days. Not without the browser complaining - even if it lets you reach the site.
 
