Why free WiFi isn't safe

March 16 news that CCTV exposed the safety of free WiFi at the 315 gala this year. At the scene, several engineers using counterfeit WiFi technology to eavesdrop on the audience's Internet content, and on the big screen to show to everyone, I believe many readers have looked at the hearts of the people. Lei Feng's network last year made a "Free WiFi Security Guide", which describes how to make WiFi more secure in various situations, and the guidelines are also valid today. This is also one of the guidelines, "Why is public WiFi unsafe?".

 
We often hear warnings from security experts that public WiFi is unsafe, and please connect carefully.
 
These warnings are indeed correct, and there are security implications for a very large percentage of public WiFi points. A sample safety survey showed that 21% of the country's 80,000 public WiFi were at risk.
&NBSP
But security experts have little reason to say that the damage is rarely done, but they don't know why. We know that connecting to the public WiFi may be stolen from various accounts, but why the stolen number is not very clear.
 
Why? Well, this is an explanation of the nature of the principle. In general, we may face two types of attacks after connecting to a public WiFi.
&NBSP
Intranet listener attacks
 
Simply put, in a common network, attackers can easily eavesdrop on the content of your Internet, including Baidu Web-disk upload photos, just hair Weibo and so on.
&NBSP
There are two ways, an ARP attack, used a few years ago only 1Mb, 2Mb broadband people will be more familiar with, someone opened Thunder download immediately with Peer-to-peer speed-limiting software, this software is used by the ARP attack. It is forged into a transit point between your mobile phone/computer and routing, not only to see all the flow, but also to speed limits.
 
Another kind is the network card's promiscuous mode listens, it can receive all broadcast traffic in the network. This is conditional, that is, the network has broadcast equipment, such as hub. Everyone in the company or Internet cafes can often see the hub, a "line into the network, dozens of lines out of" the expansion of equipment. If there is such a facility in this public WiFi, you may normally be able to tap into the traffic.
 
should be very mature in both ways, including ARP firewall, traffic encryption (buy an SSL VPN). If you are in the personal network also encounter these problems, you can refer to the Lei Feng Network published before the article "so set the route, 99.9% of hackers are not broken."
 
Fake WiFi attack
 
above is to say that if you are connected to a public WiFi, you may suffer an attack. But there is another situation where you can be attacked once you've connected to a public wifi.
&NBSP
To see a (fictitious) case, Xiao Wang once even moved the CMCC network Internet, a TA found on the subway, the mobile phone actually automatically connected to the "CMCC" WiFi, but usually this subway is a wooden CMCC signal it? And you can surf the Internet, Ta feels strange , turn off the WiFi right away, but the phones are loaded withClass software in the background are connected to the network. Go home Baidu Network disk A look, inside more than a "hacked by Helen" txt document.
 
sounds magical, doesn't it? The principle can be very simple. With 3G routing, do a "CMCC" of the password-free wifi, in which the configuration will be all traffic through your monitoring software, the next thing is the same as the front pull. Here is a small loophole, your mobile phone/computer will automatically connect all the previously connected WiFi, just CMCC is no password, forgery is convenient.
 
As for Baidu Network, app active networking sync, a lot of cookies value and some specific value to do the verification, get the data can be forged on the computer to this app ID landing, here just take the Baidu network disk for example, if really said in the only accidental ah.
 
Fake WiFi attacks take advantage of this setting for automatic connection, which can be protected by not automatic connection. But this seems more trouble, small weave hands on three devices, Windows for each wifi, have a separate whether automatic connection configuration; MIUI is similar, iOS is "ask whether to join the network", but open or not will automatically connect, more strange. Therefore, the easiest way to go out is to turn off WiFi, but also to save electricity. There's a more sophisticated way to fake WiFi, limited to the space behind the single open one, that will involve the WiFi stack, and the current is not too protective methods, we want to see earlier, you can pay attention to micro-credit "home guest" Letshome sent "fake WiFi" keyword to urge small series)
 
PostScript
 
You may also be able to hear some safe WiFi, which is a program launched by Tencent, 360, and several of them in partnership with public WiFi and commercial wifi. Small knitting used the security of Tencent WiFi, mobile phone housekeeper will automatically check the network DNS, ARP and several items, have a certain protective effect. However, it is still necessary to test whether the attack method can really be stopped, and few public information is available.
 
is one of several unsafe possibilities for public WiFi. We can actually see, want to do "safe" is actually very difficult, at least every no password WiFi to set the not automatic connection is a big project. Lei Feng Network can only provide security science, the rest of us to do their own.