Safe with VPN on fake "free wifi" at airport?

Posted on 2016-09-06
Medium Priority
Last Modified: 2016-09-09
On an airport fake "free wifi" network, would you be safe if using VPN?

Two hazards come to mind:

1) The initial login page could be malicious to take advantage of any drive-by boobie-traps.  For example, when the fake auth page phishes for xfinityWiFi or ATTwifi credentials, it could include malicious code attempting to take advantage of un-patched vulnerabilities   Yes, you could randomly happen across a malicious page on the internet, but why concentrate your risk of doing so by deliberately connecting to a malicious network?

2) Maybe your legit NAT router blocks netbios or other ports that maybe the malicious router might not?   Maybe this is less of an issue in 2016 with the default windows firewall blocking all inbound except permitted ports ?

So, if you had tunnel bear VPN on your laptop and were at the airport, would you feel safe (and be safe) using malicious wifi?

Thanks for all thoughts on this matter,
Question by:mike2401
LVL 18

Accepted Solution

max_the_king earned 1000 total points
ID: 41786363
i'd say that you cannot be 100% safe ... however ...

if you really need to connect, you should disable microsoft file sharing and use a vpn client, whom security depends on the kind of vpn you use and how securely has been implemented.

What is good is that:
Traffic from your device is encrypted anyway should you use a vpn client, thus the sniffing gets really useless.

What is bad:
to start your vpn you need to be on the internet first: this means that you first connect to free-wifi (possibly you need to sign up agreement page) then your client will take time to connect to vpn server ... during that time you might be exposed to a man-in-the-middle attack. It is not very easy but theorically it is possible.

there are very many other risks, little risks but still possible to happen. Reasonably You'll never ever get compromised but you can never be 100% sure.

hope this helps
LVL 37

Assisted Solution

Kimputer earned 1000 total points
ID: 41786369
1) If you need the login page, and that's infected, VPN is of no use. So, keep your Windows and other software (in this case your browser, but ALL software should be update to date, like Adobe Reader etc etc), and then you can proceed to connect to open wifi networks.

2) doesn't matter at all, your Windows Firewall (or replacement like ESET Smart Sec, ZoneAlarm etc) should be UP at all times.

Have your phone ready too, using Android and  Wifi Analyzer:
Ex. situation: a whole bunch of Aruba networks devices (based on MAC address), then suddenly there's another access point with the same SSID, but totally different make/model?
LVL 101

Expert Comment

ID: 41786422
I would not use Airport Wi-Fi.  When I am in an airport, I use my iPhone as a hotspot.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!


Author Comment

ID: 41786435
As I'm researching this, a drive-by-download attack on the wifi router login page could infect you before you get on the internet and establish a vpn.

So, fake-wifi seems particularly dangerous!!!

According to:

"What is a drive-by download?
A drive-by download is a type of cyber attack that targets a person through their Internet browser, installing malware on their PC as soon as they visit an infected website. A person can be tricked into a drive-by download attack in two ways: (1) the person is lured into visiting a malicious website set up by criminals; or (

What type of malware can you get?
Drive-by attacks install a wide range of malicious files on the victim’s computer - it could be a virus, spyware, remote-access tool, keylogger, trojan and more. What is particularly concerning, however, is the drive-by’s propensity for infecting victim PCs with a banking trojan or ransomware."
LVL 101

Expert Comment

ID: 41786440
What type of malware can you get? ..... drive-by’s ...  for infecting victim PCs with a banking trojan or ransomware.

And of course ransomware is the end of your data.

Don't risk it

Author Comment

ID: 41788663
Here's a clever way to know if the xfinity hotspot is legit:

Just deliberately type a bad userid/password on the xfinity auth page.

A bogus wifi spot would then let you surf.  A real one would return: bad userid or password.

If bad, then type in your legit credentials.

This doesn't address the malicious login page scenario raised here, however.


Author Comment

ID: 41791496

Author Closing Comment

ID: 41791498

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question