Spark Free WiFi zone secure?

Forums › Spark New Zealand (including Skinny and BigPipe) › Spark Free WiFi zone secure?

BrettOnTheNet

56 posts

Master Geek

#190697 9-Jan-2016 10:55

I've been trying to find out if the Spark Free WiFi Zones are secure to use, or whether you have to be very wary. Seems to me that as long as someone can connect they can also then see all the traffic on that WiFi transmitter. (But, I don't really know this subject that well, so I am guessing)

Do you need to be careful, or are they safe?

jamesrt

985 posts

Ultimate Geek

Trusted

Lifetime subscriber

#1466477 9-Jan-2016 12:24

Personally, I'd be very careful about what I used ANY form of "Free" WiFi for.

Basically, if you didn't need to type a password to connect to the WiFi hotspot in the first place, then the transmissions over the air are unencrypted and can be snooped by any theoretical "bad people". Having to use a passphrase/password to even connect in the first place means there is some security on the over-the-air component, but your session can still be snooped by the people who run the WiFi point should they so choose. Of course, the ISP could (theoretically) snoop the data regardless...

If you're then running an HTTPS session over the top of any connection, then there is more encryption at that layer, so that individual data transfer is somewhat safer. "Somewhat", because there are a number of ways of bypassing that, too.

I guess you need to assess the risk for yourself. I wouldn't be using my Internet Banking over "free" WiFi under any circumstances; Facebook over an HTTPS session on a phone-app / browser that was already signed in (so using a cookie to authenticate rather than a password) would probably be more acceptable (to me).

BrettOnTheNet

56 posts

Master Geek

#1466480 9-Jan-2016 12:30

Thank you! That pretty much confirms my suspicion. I will take care

Cheers
Brett

Noodles

481 posts

Ultimate Geek

#1466853 10-Jan-2016 07:45

I always use tor or VPN when connecting to wifi hotspots these days. It's trivial to snoop on traffic, even https traffic (sslstrip etc)

gareth41

643 posts

Ultimate Geek

#1467240 10-Jan-2016 20:48

Why can't they just switch to using Hotspot 2.0 authentication, its a standard defined by the wifi alliance back in 2011 and is designed to address all these problems of connecting to open wifi. At the very least I think spark should be broadcasting a second ssid requiring eap-tls with client isolation, and you simply login with your spark account.

hio77

'That VDSL Cat'
12315 posts

Uber Geek

Trusted

Spark

Subscriber

#1467259 10-Jan-2016 21:41

any public wifi be it secured or open, im always mindful of.

majority of the time i will straight out use my mobile data over it, and when i am in the situation where i do actually end up using, ill generally be tunnelling my traffic - im just a little paranoid like that, like to know at least to the endpoint of my choosing, my data is untouched.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Shakingaj

17 posts

Geek

#1467701 11-Jan-2016 15:46

use a vpn for any banking or social media. WhatsApp is encrypted (so I gather) so you can send messages without a VPN but anything else I wouldn't do.

I am not sure how prevalent wifi snooping is here. But theoretical or not why take a chance. It's like crossing rail tracks without checking if a train is speeding your way.

hio77

'That VDSL Cat'
12315 posts

Uber Geek

Trusted

Spark

Subscriber

#1467720 11-Jan-2016 15:54

Shakingaj: use a vpn for any banking or social media. WhatsApp is encrypted (so I gather) so you can send messages without a VPN but anything else I wouldn't do.

I am not sure how prevalent wifi snooping is here. But theoretical or not why take a chance. It's like crossing rail tracks without checking if a train is speeding your way.

now if only wifi had singles like train tracks to tell you when your being snooped on!

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

jnimmo

What does this tag do
1026 posts

Uber Geek

Subscriber

#1467758 11-Jan-2016 16:28

Any sites using SSL you should generally be OK (people could see the domains of the sites you are accessing but that should be all)

The biggest thing to be careful about is not logging into any websites that aren't HTTPS, and making sure your device isn't checking IMAP or POP email without encryption (how many people have it set up)

EDIT: On any sites of value I always check the padlock to view the certificate path to make sure the certificate was issued by a trusted CA and isn't being spoofed by a dodgy root or intermediate CA

MikeB4

15203 posts

Uber Geek

Trusted

Subscriber

#1467761 11-Jan-2016 16:31

I never use public WiFi for anything outside of basic browsing

Mike
Change Management Consultant
The views stated in my posts are my personal views and not that of any other organisation.

He waka eke noa