Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This attack is a MitM. The attacker is able to act as the access point and receive the victim's traffic, unencrypted.

He is also able to modify this traffic and serve compromised pages.

The attacker needs to have a stronger signal than the legitimate access point. So he has to stand pretty close to the victim, physically.



But still, this is only problematic if you "trust" an access point. If you treat any wifi network like a public hotspot (i.e. potentially rogue), there's not much of a difference, right?

In practice, as long as you only trust data received through TLS, you should be fine.


> But still, this is only problematic if you "trust" an access point.

Which is the case for the vast majority of wifi users.

It is completely irrelevant how any of us here consider their access point. The problem is that the masses could be subject to these attacks and allows propagating malwares and botnets.


Do you not 'trust' your home wifi router?


Well, I don't trust whole the network (internet) in general, as I don't know where and how things are routed, and by whom.

The only situation where trust in the router would be relevant to me is for communication within a local network, so I'm controlling every device involved. And there, this attack might actually be harmful, as far as I understand.


Personally I don't, because my ISP owns it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: