Have you ever been hacked on an open CG WiFi system?

mikestock wrote:
I do use open WiFi on a limited basis. I will check email, send conversational email not involving financial matters. I do not use it to check credit cards, banking, making payments or anything that I wouldn't want to make public.

For the first time ever, I had an gmail account hacked while on a WiFi system when overnighting in central Texas. If fact I had reason to believe it was done by the campground owner in this small campground along I-20.

Google sent me an email stating that a change was made to my password. Asked me if I did it.

Has anyone run into this problem when staying at privetly owned campgrounds? I guess the owner of an open system can do this without a lot of trouble. Just wondering if anyone else has encountered a similar problem and can pin it down to a specific WiFi systen.

It's possible but very unlikely. Most likely the account was hacked by means of having access to additional accounts you have. Do you use the same password on any other sites? Do you use anything in the password that could be easily looked up, children/grandchildren's names, DOBs, etc? If you are on any social media posting photos and names, a boatload of information can be gathered about you.

Ductape wrote:
From a security POV it matters not whether the access point is open or secured. Secured AP just means people without the password can't connect.


What matters is that the person in control of the network can monitor all the traffic. If your traffic is insecure it can be read. If it's encrypted (HTTPS etc.) then (probably) not. I say "probably" because there are methods that sophisticated hackers could use that may be invisible to the typical user. But not likely anything the average person will experience.

Inaccurate on both counts. Open Wifi traffic can be easily looked at with free tools like FireSheep. When a non-https site is accessed any passwords are shown in clear text in the network packets. Https does encrypt but many sites hand your login off to a non-https page, where your password can easily be captured. In the case of Gmail as the OP is referring to, they use SSL top to bottom. Very unlikely the account was hacked by the CG owner.

Secured Wifi, that is WPA (NEVER use WEP), encrypts all the traffic. Each traffic stream gets it's own encryption algorithm so even with the WiFi code, it becomes pretty much impossible to break into.

And yes, the owner of the network can monitor your traffic, but without the encryption algorithm, they can't read any clear text data in the packets.

No

Nor have I been hacked at any other WiFi hot spot...McDs, Starbucks, Hospital, Panera Bread, or others...

I'll second naturist. We use a service called private internet access...pia, a trusted vpn provider.They are cross platform and very reasonably priced...and very easy to use.

www.privateinternetaccess.com



celt

It's unlikely that it's ever happened. Very unlikely.

From a security POV it matters not whether the access point is open or secured. Secured AP just means people without the password can't connect.


What matters is that the person in control of the network can monitor all the traffic. If your traffic is insecure it can be read. If it's encrypted (HTTPS etc.) then (probably) not. I say "probably" because there are methods that sophisticated hackers could use that may be invisible to the typical user. But not likely anything the average person will experience.

Never happened to me, but using any open wifi system is open to being hacked by anybody within range of the signal. That is why when I use an open wifi hot spot, I do not attempt to access anything that requires a password from me to use, not just banks but email and Facebook.

I heartily recommend using a VPN on such hot spots. You can then do your email, Facebook, and even banking with a high degree of certainty you won't be hacked or have your data stolen. I use one called GoTrusted, it costs me $6 a month, and works on my laptop as well as my iDevices, but there are many others.

A VPN encrypts all traffic between my device and the VPN company servers. So if a bad actor is listening in, all he gets is garbage, he can't even tell what sites I'm visiting. People who rely on public hot spots really owe it to themselves to have available such security.

No.