Solved

Safe with VPN on fake "free wifi" at airport?

Posted on 2016-09-06
8
65 Views
Last Modified: 2016-09-09
On an airport fake "free wifi" network, would you be safe if using VPN?

Two hazards come to mind:

1) The initial login page could be malicious to take advantage of any drive-by boobie-traps.  For example, when the fake auth page phishes for xfinityWiFi or ATTwifi credentials, it could include malicious code attempting to take advantage of un-patched vulnerabilities   Yes, you could randomly happen across a malicious page on the internet, but why concentrate your risk of doing so by deliberately connecting to a malicious network?

2) Maybe your legit NAT router blocks netbios or other ports that maybe the malicious router might not?   Maybe this is less of an issue in 2016 with the default windows firewall blocking all inbound except permitted ports ?

So, if you had tunnel bear VPN on your laptop and were at the airport, would you feel safe (and be safe) using malicious wifi?

Thanks for all thoughts on this matter,
Mike
0
Comment
Question by:mike2401
8 Comments
 
LVL 15

Accepted Solution

by:
max_the_king earned 250 total points
ID: 41786363
Hi,
i'd say that you cannot be 100% safe ... however ...

if you really need to connect, you should disable microsoft file sharing and use a vpn client, whom security depends on the kind of vpn you use and how securely has been implemented.

What is good is that:
Traffic from your device is encrypted anyway should you use a vpn client, thus the sniffing gets really useless.

What is bad:
to start your vpn you need to be on the internet first: this means that you first connect to free-wifi (possibly you need to sign up agreement page) then your client will take time to connect to vpn server ... during that time you might be exposed to a man-in-the-middle attack. It is not very easy but theorically it is possible.

Conclusions:
there are very many other risks, little risks but still possible to happen. Reasonably You'll never ever get compromised but you can never be 100% sure.

hope this helps
max
0
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 41786369
1) If you need the login page, and that's infected, VPN is of no use. So, keep your Windows and other software (in this case your browser, but ALL software should be update to date, like Adobe Reader etc etc), and then you can proceed to connect to open wifi networks.

2) doesn't matter at all, your Windows Firewall (or replacement like ESET Smart Sec, ZoneAlarm etc) should be UP at all times.

Have your phone ready too, using Android and  Wifi Analyzer:
Ex. situation: a whole bunch of Aruba networks devices (based on MAC address), then suddenly there's another access point with the same SSID, but totally different make/model?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41786422
I would not use Airport Wi-Fi.  When I am in an airport, I use my iPhone as a hotspot.
0
 

Author Comment

by:mike2401
ID: 41786435
As I'm researching this, a drive-by-download attack on the wifi router login page could infect you before you get on the internet and establish a vpn.

So, fake-wifi seems particularly dangerous!!!

According to:
http://www.foxbusiness.com/features/2015/02/04/what-need-to-know-about-drive-by-cyber-attacks.html

"What is a drive-by download?
A drive-by download is a type of cyber attack that targets a person through their Internet browser, installing malware on their PC as soon as they visit an infected website. A person can be tricked into a drive-by download attack in two ways: (1) the person is lured into visiting a malicious website set up by criminals; or (

What type of malware can you get?
Drive-by attacks install a wide range of malicious files on the victim’s computer - it could be a virus, spyware, remote-access tool, keylogger, trojan and more. What is particularly concerning, however, is the drive-by’s propensity for infecting victim PCs with a banking trojan or ransomware."
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 90

Expert Comment

by:John Hurst
ID: 41786440
What type of malware can you get? ..... drive-by’s ...  for infecting victim PCs with a banking trojan or ransomware.

And of course ransomware is the end of your data.

Don't risk it
0
 

Author Comment

by:mike2401
ID: 41788663
Here's a clever way to know if the xfinity hotspot is legit:

Just deliberately type a bad userid/password on the xfinity auth page.

A bogus wifi spot would then let you surf.  A real one would return: bad userid or password.

If bad, then type in your legit credentials.

This doesn't address the malicious login page scenario raised here, however.

-Mike
0
 

Author Comment

by:mike2401
ID: 41791496
Thanks!
0
 

Author Closing Comment

by:mike2401
ID: 41791498
Thanks!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now