Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Mad Scientist
22159 posts

Uber Geek

Trusted
Lifetime subscriber

#210463 28-Mar-2017 15:03
Send private message

Sorry didn't know where to post this.

 

Is there such thing as https is safe in unsecured wifi transmission?

 

And do apps use https?





Involuntary autocorrect in operation on mobile device. Apologies in advance.


Create new topic
567 posts

Ultimate Geek


  #1749482 28-Mar-2017 15:28
Send private message

I'd say most (good) apps will use https along with certificate pinning, possibly along with an API key for talking back to their servers. Hard to tell if Uber is using https, but they certainly would on the page where they take credit card details  (and presumably store a token for re-billing)

 

 

 

On Android I'm sure you can get some type of sniffer or traffic analyzer to ensure that the traffic from an individual app is going out via https. 

 

I;m not saying Uber is safe, but it's a reputable company who have probably had many penetration tests.

 

 

 

 


15916 posts

Uber Geek

Trusted
Subscriber

  #1749516 28-Mar-2017 15:50
Send private message

https would typically be considered safe over unencrypted wifi. I think it's reasonable to assume Uber secure at least the important parts of their app with https communications.

 

I wonder about man in the middle type attacks. If someone controls DNS they could point you at any server, but the certificate wouldn't match the URL, so if the Uber app is doing encryption properly it shouldn't establish the connection.

 

All in all, you'll probably be ok. However, I'd probably use mobile data if you have it, the data volume will be trivially small.


 
 
 
 


329 posts

Ultimate Geek


  #1749707 28-Mar-2017 19:52
Send private message

Is the internet safe on free unsecured wifi? Even for apps using https to keep credentials safe, you will be still leaking private data like location, urls you visits, apps you use,.... The risk doesn't worth the few dollars a VPN costs IMO.


551 posts

Ultimate Geek

Subscriber

  #1749754 28-Mar-2017 20:52
Send private message

Applications can do ssl encryption(https) there are built in libraries on both android and iOS and i'm sure windows would be the same although i have no exact experience with windows phone.

 

HTTPS encrypts everything after the domain name so while anyone snooping in could tell what app or site your visiting by the domain name they will get nothing else.

 

As to the main question is the app using encryption its hard to tell without using wireshark to see the data. However I would be very surprised if uber would use HTTP when they have a perfectly valid ssl certificate. There is no reason not to encrypt and if they were not doing so someone would have said something publicly by now.





Geoff E


15916 posts

Uber Geek

Trusted
Subscriber

  #1749777 28-Mar-2017 21:08
Send private message

geocom:

 

There is no reason not to encrypt and if they were not doing so someone would have said something publicly by now.

 

 

Encryption requires additional computation. It's often offloaded to dedicated hardware if you have significant scale. So there is a reason not to encrypt, but it's not a great reason.


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29


D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22


NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14


SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00


D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53


Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48


Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56


D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51


Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01


Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35


Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53


Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06


Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00


OPPO A91 is a high specs mid-range smartphone
Posted 23-Apr-2020 16:44


NordVPN rolling out NordLynx new generation VPN protocol based on WireGuard
Posted 23-Apr-2020 16:37



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.