Is it safe to connect an iPhone to public WiFi?

It is not safe for iPhone to connect to public WiFi.

We often hear warnings from security experts that public WiFi is not safe, so please connect with caution.

These warnings are indeed correct. A very large proportion of public WiFi points have security risks. A sample security survey once showed that 21 out of 80,000 public WiFi networks across the country were at risk.

However, safety experts rarely provide theoretical explanations of the hazards. Everyone can only know about them but not why. Everyone knows that various accounts may be stolen after connecting to a public WiFi, but it is not clear why the accounts are stolen.

This is a principle explanation. Generally speaking, after connecting to a public WiFi, you may face two types of attacks.

Intranet eavesdropping attack

To put it simply, in a different network, attackers can easily eavesdrop on users’ online content, including Baidu Netdisk Uploaded photos, just posted Weibo, etc.

There are two methods, one is ARP attack, which will be familiar to people who have used only 1Mb or 2Mb broadband a few years ago. Some people open Thunder and download it and immediately use p2p speed limiting software. This kind of software is ARP attack used. It pretends to be a transfer station between the user's mobile phone/computer and the router. Not only can it see all passing traffic, but it can also limit the speed of the traffic.

The other is the promiscuous mode monitoring of the network card, which can receive all broadcast traffic in the network. This is conditionally limited, that is, there are devices broadcasting in the network, such as HUB. You can often see HUB in companies or Internet cafes, an expansion device with "one network cable in and dozens of network cables out". If there is such a facility in the public WiFi, the general user's Internet traffic may be eavesdropped.

The protection methods to deal with the above two methods are also very mature, namely ARP firewall and traffic encryption (buy an SSL VPN). If you also encounter these problems in your personal network, "99.9% of hackers will not be able to break through the routing set up like this."

Fake WiFi attacks

The above are the attacks that you may suffer if you are connected to a public WiFi. But there is another situation where users can be attacked after connecting to public WiFi.

Let’s look at a (fictitious) case. Xiao Wang once connected to China Mobile’s CMCC network to access the Internet. Once he found on the subway that his mobile phone was automatically connected to the “CMCC” WiFi, but normally this subway Is there any CMCC signal? And he could still access the Internet. He felt very strange and immediately turned off the WiFi, but all the software installed on the phone were connected to the Internet in the background. When I went home and logged into Baidu Netdisk, I found a txt document of "Hacked by Helen" in it.

Sounds amazing, right? The principle is very simple. Comes with a 3G router, creates a "CMCC" password-less WiFi, and configures it to pass all traffic through your monitoring software. The next step is the same as before. A small loophole is exploited here. Everyone's mobile phone/computer will automatically connect to all WiFis they have connected to before. It just so happens that CMCC has no password, so it is very convenient to forge.

As for Baidu Netdisk, Apps actively synchronize with the Internet. Many use cookie values ??and some specific values ??for verification. After obtaining these data, you can forge the App ID on your computer to log in. Here we just use Baidu Take the network disk as an example. If it is really right, it is just an accidental injury.

Fake WiFi attacks use the "automatic connection" setting item, which can be protected by "do not automatically connect". However, this seems to be more troublesome. I have three devices in my hand. Windows has a separate automatic connection configuration for each WiFi; MIUI is similar; iOS "asks whether to join the network", but it will automatically connect whether it is turned on or not, which is strange. Therefore, the easiest way is to turn off WiFi when you go out, which also saves power.

You may still hear some talk about secure WiFi. This is a plan launched by Tencent, 360, and Xiaomi in cooperation with public WiFi and commercial WiFi providers. If you have used Tencent's secure WiFi, Mobile Manager will automatically check the DNS, ARP and other items of this network, which has a certain protective effect. However, whether it can truly block the above attack methods still needs to be tested. There is not much public information from these companies.

The above are several unsafe possibilities of public WiFi. You can actually see that it is quite difficult to achieve "security". At least it is a big project to set up each password-less WiFi so that it does not automatically connect.