WiFi Security Questions

1. If I connect to an unsecured public WiFi, and someone is capturing packets, will he be able to capture and read all my unecrypted data?
2. If it's secured by WPA, does that prevent him from capturing data?
3. Is cellphone data secure?

Thanks!
LVL 11
epichero22Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Dan CraciunConnect With a Mentor IT ConsultantCommented:
1. Yes
2. No. He will still be able to capture the data, but he will need to decrypt it. The packets still travel on the same medium (air) even when encrypted.
3. From who?
0
 
JelcinCommented:
2. If he / she has the WPA key and is in the same wlan then he is able to capture the packets without having to decrypt it.
3. Cell phone data in general is secure but of course it can be captured for example by NSA :)
0
 
Kent DyerIT Security Analyst SeniorCommented:
If you Google PCWorld's 5 Wi-Fi Security Myths you need to abandon now will help you understand this.  For the encryption (WPA/WPA-2), you need a PSK (Pre-Shared) key to get on your WPA or WPA-2..  Do stay away from WEP as it is pretty easily cracked.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Darr247Connect With a Mentor Commented:
> 2. If he / she has the WPA key and is in the same wlan then he is
able to capture the packets without having to decrypt it.

That's not accurate. If it's WPA2/AES they would both have different encryption vectors, set when their sessions were negotiated, using different NONCE values.  The data are not encrypted using only the 8 to 63 character passphrase.
0
 
Craig BeckConnect With a Mentor Commented:
+1 for Darr's comment.

The data is encrypted on a per-session basis between client and AP and the session-key is unique per client.  The data is only decrypted by the AP or client.

If clients connected to the same AP are exchanging data it is decrypted at the AP then re-encrypted with the particular receiving client's session details before it gets to him.

If the data leaves the AP on the wired-side it is decrypted before it goes on the wire, but then the data isn't sniffable by a wireless client.

That's not to say that it's completely secure though.  Once you have the PSK you can grab some over-the-air packets and attempt to decrypt them using the information you already have and a dictionary, for example.
0
 
epichero22Author Commented:
What about networks that have no security, but you need to login through a webpage before it lets you browse?  Can someone else still see what I'm sending / receiving?
0
 
Craig BeckConnect With a Mentor Commented:
Yes.  The traffic over-the-air is completely unencrypted after the initial login (usually via HTTPS).

You could use a VPN service to encrypt your traffic using IPSec if you use an open hotspot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.