Your Wi-Fi Is Not Safe

– Hey guys, this is Austin Wi-Fi is basically everywhere and odds are you're using one of these devices over Wi-Fi pretty much every day

However, it just got a lot less secure Two Belgian researches were able to find a flaw in the WPA2 Wi-Fi protocol All this nerd talk aside means, is that a secured network is no longer as secure as you think So to take a closer look at this we have our resident hacking expert Wes, and you've actually spent a couple days trying to figure out exactly how all of this stuff works So there are two types of Wi-Fi: secured and open

Now you've probably connected to an open network at something like a coffee shop or an airport And while it's great to have free Wi-Fi, the downside of being open is that it really is truly open Nearly anything you do on an open Wi-Fi network can be spied on by other people So, the idea here is that if I decide to jump on Wi-Fi, you can intercept that and see what I'm doing – Yeah, my laptop is essentially now sitting in between your phone and whatever websites you're trying to access

– Okay, so if I say, "Go to googlecom right now," I just load it up, so I am on the Google homepage, no problem But on your end- – And what you can actually see here is that it is showing me that you are going to a Google service It's not gonna work for every website – Right

– This is an attack that has been known about for a while and is pretty combated in most websites A lot of people have the security features built-in to combat this What I'm seeing now, after I started kinda diving into it is there are actually some pretty major websites that are not fully protected yet – So, from my end, this looks totally normal I see HTTPS, it's secure, and, generally speaking, if you do see HTTPS with the little green lock on your browser, you are secure because even though this will get between me and my Wi-Fi, it won't get between me and the encryption and the Wi-Fi

You can't crack that step just yet – Exactly What this is trying to do, is it is trying to target that HTTPS but most big websites at this point have the technology and place to basically tell my laptop to get outta here – So, give me a website, let's try it – Let's go to spirit

com – Okay, it's loading It looks fine on my end I see it's not HTTPS, but, I mean, it looks like a lot of standard, generic websites – And that's kinda creepy

And look right there, I can see that you- – [Austin] Whoa! – [Wes] In an instant and what's creepy is it actually parses the data, too So, I can see the type was a check-in I see the last name and right there, locator – Yeah, that is really scary But, to be fair, that's only on open Wi-Fi

However, if you're at home- – Yeah, well, if you're at home, let's see that you're checking something personal like if you wanted to check banking information, so, I know some people are a fan of Amex so, go to American Express's website – Oh, interesting So, now I see wwwwwamericanexpresscom

– Which is another tactic that this kind of attack uses where, if it can't just strip it off, it'll try and do other little tricks to essentially allow it to all get bypassed – To get all the way through So, at this point, if you see something like this, bail This is not right It's one thing to not see HTTPS and you should really look for that anytime you're logging into anything sensitive, but, if you see a bunch of extra w's, that should be a big red flag

– That's when you know that something's up So, yeah, go ahead and press the login button that has a little lock next to it – This feels like such a bad idea – And go ahead and check your account Feel free to use your correct credentials

– I'm not gonna do that at all Alright, logging in – And, boom I can see that you're user ID is test and password is wesishacking right there, seconds! – So, you basically were able to capture all that Now, that's not a real account, as you guys might be able to imagine, so, it just bounced me out, but, normally speaking, if that was my actual account, I would have been logged right in, checking all my credit card information, the whole deal

– Yeah, you would have no idea, and I would not only have the information, but I would have it laid out for me in color coded fashion So, the concerning part about all this is the people that have actually discovered the WPA2 crack They have said that at a security conference that's coming up, they are going to release the code – It's gonna be in the wild – It's gonna be in the wild

So, they've essentially put a shot clock on every company to say, "Hey, if your device supports Wi-Fi,-" – Which is everything! – A couple devices, "You have to update soon, otherwise-" – It's too bad It's out there Until things get patched everywhere, you really should treat all Wi-Fi as if it's an open, unsecured network Now, there are ways around this For example, if you're plugged in via ethernet, then you're going to be able to avoid all of this

However, something you should always be doing regardless of how you connect to the internet, is looking out for that HTTPS in your browser bar That mean that, whatever you're sending, whether it's bank information, login info, credit cards, whatever, it's going to be secure At least, way more secure than otherwise A VPN is also a good idea So, it's not perfect

Your computer can send some information between when you get on Wi-Fi and when you connect to the VPN, but, generally speaking, encrypting web traffic is going to get around a lot of these issues and, as long as you're using an actually trustworthy VPN that is going to protect your data, you should be pretty safe Because this is so new, there actually aren't a lot of patches that are available for you to download just yet So, Google is working on an Android patch, which will be coming soon However, that's going to be going to Pixel devices and actually may take awhile before it hits the rest of Android phones Now, Microsoft did update Windows 10 already for this

However, even though Windows is patched, some Wi-Fi drivers may also need to be updated You can definitely expect other companies to follow suit quickly with updates for their products, but if you consider that pretty much everything in the world that connects to Wi-Fi is vulnerable to this, it's going to take awhile and if you have an older device, you might just not be able to get an update at all Thankfully, this can be fixed with software updates, but for now, make sure you're using HTTPS, and if you're really worried, you can consider using a VPN So, if you guys are interested in more info on hacking, I actually recently did an entire video all about it So, be sure to go check that out and I will catch you guys in the next one

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

This site uses Akismet to reduce spam. Learn how your comment data is processed.