|
|
|
|
|
|
by 001spartan
3372 days ago
|
|
|
If you leave your wifi on when you're not connected to a network, your device will automatically start sending probes for known networks. For instance, if your home wifi network is called "duggan's network", and you're at an airport across the world, your phone will advertise to all devices in the vicinity that you're looking for "duggan's network". Then, a malicious person can advertise an SSID of "duggan's network", and in certain cases, could get your device to connect to that network without you interacting with your device, or even realizing that something has changed. Ask most infosec people, and they'll tell you that they _always_ turn off their wifi when they leave a trusted location. |
|
|
Specifically having a completely open and unsecured wifi. If you put much of any security on it, that protects your users. Which is where the seemingly weird advice comes from for guest wifi to not use completely unsecured connections and at least try some kind of password.
So if you connect to completely unsecured wide open "Car Dealer Last Name Service Guest" network while you're getting your oil changed or whatever, someone can set up "Car Dealer Last Name Service Guest" at starbux and MITM you a bit, or at least mess with you. On the other hand if your car dealer has a wifi named "Guest Network" with a WEP key of the car dealers last name then its hard for a guy hours later at starbux to set up a WEP secured "Guest Network" that you can connect to and get MITM'd.
For a real good time ask yourself what stops someone from MITM you at the car dealer by setting up a WEP secured wifi with the same name as the dealership and the password thats the same as the sign on the wall. Well, basically nothing. This can make life entertaining.