| Here's what I wrote last time this was posted (https://news.ycombinator.com/item?id=8457167), with some edits to respond to other comments made in this thread: An interesting read, but sparse enough on details to be basically useless. Additionally, there's nothing that I can discern to be new here. The following is demonstrated, all of which are known (and in fact obvious) to people with even an elementary understanding of how wifi and TLS work: * That wifi probes are public * That wifi devices, by default, expose reasonably reliable evidence about their type and origin via their MAC address * That many OS's automatically connect to 'trusted' wifi networks, regardless of their apparent physical location * That many websites don't have TLS by default (or at all) * That, if a user connects to a network you control and requests a URL not beginning with "https," it is trivial to present them with a fake page looking like the one to which they thought they were browsing (of course they won't see a lock) --(note: if the website has HTTP Strict Transport Security enabled and the user has previous visited that website with a supporting browser, then this part is non-trivial) * That, if a user transmits unencrypted plain text over a wifi network to which you have access, it's trivial to glean the content of their transmission. None of this is news, and it's all that this article seems to point out. Even more bizarre is that, almost without exception, it merely leaves these items implied, failing to describe the mechanism of action. |
* DNS and TLS (SNI) don't hide domain names, so you can't hide the fact that you're using certain sites/apps, even if they're HTTPS-only.
* If the OS doesn't require NTP encryption, HSTS can be bypassed: https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-By...