Turn on thread page Beta

My laptop keeps connecting to public networks - SERIOUS? watch

    • Thread Starter
    Offline

    19
    ReputationRep:
    I am on my laptop using my home WIFI network (virginmedia) and I just got a notification saying that I was connected to a public WIFI network (BT). I didn't allow this, and my own home WIFI connection was stopped to presumably enable this.

    Within a minute or so, it connected back to the usual home network.

    But I checked my Norton Protection recent activity, and it seems my laptop picks up public WIFI and tries to connect to it quite regularly. Luckily, it seems my Norton protection is stopping it, but is this a potential serious threat?
    Offline

    3
    ReputationRep:
    It's not a serious threat simply connecting to public wifi, it's only if you go online and enter banking details on an unsecured network that it's a problem
    • Community Assistant
    Offline

    20
    ReputationRep:
    Community Assistant
    (Original post by BobBobson)
    It's not a serious threat simply connecting to public wifi, it's only if you go online and enter banking details on an unsecured network that it's a problem
    This really isn't true.

    Simply being connected to a network throws out all sorts of data. Doesn't matter if you are online and entering bank details.

    There's a common misconception with your answer. You mention that connecting to the network isn't a problem, it's only when you go online. But the thing is you are online as soon as you connect. If you look at network traffic you'll see your laptop (or other device) communicating with the network both internally (e.g. the router) and externally (the internet). Examples of such communication can be simple things like downloading software updates, syncing files to a cloud storage, checking the system time and so on. A computer connected to a network will be communicating even if you don't have a web browser open.

    On top of that you are also visible on that network. For example you may not have a web browser open but if I log into the router I'll see your device is connected.

    Being on a public network is always potentially dangerous. Not only are you unsecured (some public networks are completely open, no passwords) but you're also perfectly visible to everyone else. I'm connected to a public network (password protected uni halls wifi) with my phone right now. With an application that can be downloaded for free from the play store I can see a long list of connected devices, local IP addresses and in some cases what those devices have been named. I can currenlty see 594 connected devices with names like Courtneys iPhone 6, Eduardos Macbook Pro, Peters Macbook Air and so on. I can see their local IP addresses on the network and their unique MAC addresses. And that's information I can easily get elsewhere. With that info I can start looking for someone that isn't secure and try to hack in. All without them ever needing to open a web browser. From there I can pull data from their devices, grab usernames and passwords, use their devices in other attacks and so on. This doesn't even consider what you can do if you start sniffing network traffic in general.

    Being on a public network is not safe. There's no getting around that. It's advisable not to do anything that sends or receives personal data (no passwords, addresses, banking details, etc.). But even if you don't do these things and just sit on the network you are opening yourself up as a target. You have to weigh up whether the risk is worth it. Since the percentage of attacks is relatively small compared to the number of people online odds are you'll be safe. But simply being connected is not considered safe.

    As for stopping the laptop connecting to random open wifi networks, go into your settings and tell it not to connect automatically to open networks. While you're there you may now be inclined to look at your other secruity and privacy settings.
    Offline

    12
    ReputationRep:
    (Original post by Acsel)
    This really isn't true.

    Simply being connected to a network throws out all sorts of data. Doesn't matter if you are online and entering bank details.

    There's a common misconception with your answer. You mention that connecting to the network isn't a problem, it's only when you go online. But the thing is you are online as soon as you connect. If you look at network traffic you'll see your laptop (or other device) communicating with the network both internally (e.g. the router) and externally (the internet). Examples of such communication can be simple things like downloading software updates, syncing files to a cloud storage, checking the system time and so on. A computer connected to a network will be communicating even if you don't have a web browser open.

    On top of that you are also visible on that network. For example you may not have a web browser open but if I log into the router I'll see your device is connected.

    Being on a public network is always potentially dangerous. Not only are you unsecured (some public networks are completely open, no passwords) but you're also perfectly visible to everyone else. I'm connected to a public network (password protected uni halls wifi) with my phone right now. With an application that can be downloaded for free from the play store I can see a long list of connected devices, local IP addresses and in some cases what those devices have been named. I can currenlty see 594 connected devices with names like Courtneys iPhone 6, Eduardos Macbook Pro, Peters Macbook Air and so on. I can see their local IP addresses on the network and their unique MAC addresses. And that's information I can easily get elsewhere. With that info I can start looking for someone that isn't secure and try to hack in. All without them ever needing to open a web browser. From there I can pull data from their devices, grab usernames and passwords, use their devices in other attacks and so on. This doesn't even consider what you can do if you start sniffing network traffic in general.

    Being on a public network is not safe. There's no getting around that. It's advisable not to do anything that sends or receives personal data (no passwords, addresses, banking details, etc.). But even if you don't do these things and just sit on the network you are opening yourself up as a target. You have to weigh up whether the risk is worth it. Since the percentage of attacks is relatively small compared to the number of people online odds are you'll be safe. But simply being connected is not considered safe.

    As for stopping the laptop connecting to random open wifi networks, go into your settings and tell it not to connect automatically to open networks. While you're there you may now be inclined to look at your other secruity and privacy settings.
    Now this is overreacting. Why would I take the risk of and go thruogh all the effort of "hacking" into your device when there isn't likely to be any useful information on it? I wouldn't bother unless I was targeting you, and even then, you post more valuable information to social media anyway.
    • Community Assistant
    Offline

    20
    ReputationRep:
    Community Assistant
    (Original post by Luneth)
    Now this is overreacting. Why would I take the risk of and go thruogh all the effort of "hacking" into your device when there isn't likely to be any useful information on it? I wouldn't bother unless I was targeting you, and even then, you post more valuable information to social media anyway.
    You act as it doesn't happen. It does. Yes it was a slightly exagerated example to show what can happen but it doesn't mean being on an open network isn't a security risk. It's not a huge amount of effort either. If someone knows what they are doing they will hack you and quite easily. People do go to coffee shops or somewhere else with open Wi-Fi and pull data.

    As far as useful info goes, pulling cookies and saved passwords for sites is pretty useful. Oh you leave your Facebook and email accounts logged in all the time? Thanks for a treasure trove of info. Give me any average persons laptop and I'm fairly sure I could extract some info from it.

    By chance have you heard about the massive internet outage recently in America? The short of it is a major internet infrastructure company underwent a huge attack which caused major internet problems for a large part of America. The attack was largely powered by IoT devices. Now obviously a laptop isn't an IoT device but it demonstrates the huge scale that hackers can perform at. Maybe you wouldn't be targeted directly while sat in the coffee shop on public Wi-Fi. But simply being there, on an open network makes you a nice open target. Link to the internet outage here:

    https://krebsonsecurity.com/2016/10/...ternet-outage/

    The other thing to consider is just what sort of people frequent public networks. Have you ever been in a coffee shop and seen someone, maybe dressed in a suit, busy typing away? Who knows what they work for and what sort of secrets you can get out of their devices. Not strictly relevant here but it still highlights the dangers of public networks.
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    You act as it doesn't happen. It does. Yes it was a slightly exagerated example to show what can happen but it doesn't mean being on an open network isn't a security risk. It's not a huge amount of effort either. If someone knows what they are doing they will hack you and quite easily. People do go to coffee shops or somewhere else with open Wi-Fi and pull data.

    As far as useful info goes, pulling cookies and saved passwords for sites is pretty useful. Oh you leave your Facebook and email accounts logged in all the time? Thanks for a treasure trove of info. Give me any average persons laptop and I'm fairly sure I could extract some info from it.

    By chance have you heard about the massive internet outage recently in America? The short of it is a major internet infrastructure company underwent a huge attack which caused major internet problems for a large part of America. The attack was largely powered by IoT devices. Now obviously a laptop isn't an IoT device but it demonstrates the huge scale that hackers can perform at. Maybe you wouldn't be targeted directly while sat in the coffee shop on public Wi-Fi. But simply being there, on an open network makes you a nice open target. Link to the internet outage here:

    https://krebsonsecurity.com/2016/10/...ternet-outage/

    The other thing to consider is just what sort of people frequent public networks. Have you ever been in a coffee shop and seen someone, maybe dressed in a suit, busy typing away? Who knows what they work for and what sort of secrets you can get out of their devices. Not strictly relevant here but it still highlights the dangers of public networks.
    Saved Passwords and account info aren't stored as raw text in the browser...
    • Political Ambassador
    Offline

    18
    ReputationRep:
    Political Ambassador
    (Original post by Acsel)
    You act as it doesn't happen. It does. Yes it was a slightly exagerated example to show what can happen but it doesn't mean being on an open network isn't a security risk. It's not a huge amount of effort either. If someone knows what they are doing they will hack you and quite easily. People do go to coffee shops or somewhere else with open Wi-Fi and pull data.

    As far as useful info goes, pulling cookies and saved passwords for sites is pretty useful. Oh you leave your Facebook and email accounts logged in all the time? Thanks for a treasure trove of info. Give me any average persons laptop and I'm fairly sure I could extract some info from it.

    By chance have you heard about the massive internet outage recently in America? The short of it is a major internet infrastructure company underwent a huge attack which caused major internet problems for a large part of America. The attack was largely powered by IoT devices. Now obviously a laptop isn't an IoT device but it demonstrates the huge scale that hackers can perform at. Maybe you wouldn't be targeted directly while sat in the coffee shop on public Wi-Fi. But simply being there, on an open network makes you a nice open target. Link to the internet outage here:

    https://krebsonsecurity.com/2016/10/...ternet-outage/

    The other thing to consider is just what sort of people frequent public networks. Have you ever been in a coffee shop and seen someone, maybe dressed in a suit, busy typing away? Who knows what they work for and what sort of secrets you can get out of their devices. Not strictly relevant here but it still highlights the dangers of public networks.
    This guy is acting like my paranoid mother.
    • Community Assistant
    Offline

    20
    ReputationRep:
    Community Assistant
    (Original post by BobBobson)
    Saved Passwords and account info aren't stored as raw text in the browser...
    Yes I'm well aware of that. That doesn't mean they're not accesible. Even if you're just saving your logins like a lot of people do then you're providing a gateway. It's not like you need the actual details in lots of cases anyway and that's not what most people target. If you can get the actual data then great but most people go after the hashes.
    • Community Assistant
    Offline

    20
    ReputationRep:
    Community Assistant
    (Original post by Elliwhi)
    This guy is acting like my paranoid mother.
    You're completely missing the point. I'm not saying these things will happen. I'm saying these things COULD happen. I'm not saying they're likely to happen.

    When you are on an open network you open yourself up to attack moreso than usual. My posts are in response to the idea that you are safe unless you "go online and enter banking details" on a public network. The whole point of my post is demonstrating how wrong this is and all the other POTENTIAL risks and things that COULD happen.

    But hey what can you expect? I'm doing a Forensic Computing degree. I'm supposed to know about these sorts of things. Far too few people are educated when it comes to staying safe online.
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    You're completely missing the point. I'm not saying these things will happen. I'm saying these things COULD happen. I'm not saying they're likely to happen.

    When you are on an open network you open yourself up to attack moreso than usual. My posts are in response to the idea that you are safe unless you "go online and enter banking details" on a public network. The whole point of my post is demonstrating how wrong this is and all the other POTENTIAL risks and things that COULD happen.

    But hey what can you expect? I'm doing a Forensic Computing degree. I'm supposed to know about these sorts of things. Far too few people are educated when it comes to staying safe online.
    I agree with you. Hackers could waste hours of their lives sitting in cafe, sniffing packets, waiting for someone to log into their email, where they could waste more hours decrypting the saved password so they can have access to my email address. Or maybe they could scrape usernames, and crack them using a rainbow table of hashes, or using the 20 most common passwords, or simply set up a basic phishing attack, and get 50x the number of emails in the same time.
    Offline

    21
    ReputationRep:
    Have you tried turning it off an on again?
    • Community Assistant
    Offline

    20
    ReputationRep:
    Community Assistant
    (Original post by BobBobson)
    I agree with you. Hackers could waste hours of their lives sitting in cafe, sniffing packets, waiting for someone to log into their email, where they could waste more hours decrypting the saved password so they can have access to my email address. Or maybe they could scrape usernames, and crack them using a rainbow table of hashes, or using the 20 most common passwords, or simply set up a basic phishing attack, and get 50x the number of emails in the same time.
    Well at least you understood the "could" part. The methods each person uses are going to vary. Not everyone is after the same thing. A single person in a cafe will be one persons prey, mass attacks will be someone elses.

    But regardless it's completely off topic since the entire point was that being online and putting in bank details are not the only things you need to be worrying about. What a hacker chooses to do, how they choose to do it and so on are completely separate matters.
 
 
 
The home of Results and Clearing

1,485

people online now

1,567,000

students helped last year
Poll
A-level students - how do you feel about your results?

The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

Write a reply...
Reply
Hide
Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.