Newly discovered HTTPS flaw can expose supposedly secure URLs to wireless eavesdropping

When you use HTTPS, the addresses you visit are supposed to be encrypted, regardless of what network you’re connected to. A newly discovered vulnerability proves that’s not necessarily true.

If you’re connected to an insecure wireless network, especially one that isn’t vouched for, HTTPS alone won’t protect you, security researchers Itzik Kotler and Amit Klein said this week in a talk at the Black Hat security conference in Las Vegas. With the right configuration, a malicious network could discover every supposedly protected URL you visited.

“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” says the talk’s description.

The vulnerability potentially affects Windows, Linux, and Mac computers regardless of browser: IE, Safari, and Chrome. But don’t panic about this affecting you at home, or at work. If you connect to a secure network, this doesn’t affect you. Instead, it’s something owners of supposedly free Wi-Fi networks could set up as part of a phishing operation.

It’s worth noting that the content of the sites you visit is not revealed by this vulnerability. But many sites put vital information, including usernames and even passwords, into URLs over HTTPS. It’s a bad security practice, but some developers assume that HTTPS protects information in such cases.

In other cases, even sharing the URLs you visit is too much information to give potential hackers.
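To check an application for the practice described above, this added example (not from the article or the researchers' talk) flags URLs that carry credentials in the query string or userinfo, and shows the origin-only form that is all a proxy decision needs. The parameter-name list, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: find secrets in URLs that a PAC script would be handed.
// A PAC file defines FindProxyForURL(url, host); whatever the client passes
// as `url` is visible to whoever controls that file.

// Assumed list of parameter names to flag; extend it for your application.
const SENSITIVE_PARAM =
  /^(user(name)?|login|email|pass(word|wd)?|pwd|token|access_token|api_?key|secret|session(id)?|sid)$/i;

// Constructed sample URLs (not taken from the article).
const SAMPLE_URLS = [
  'https://shop.example/login?username=alice&password=hunter2',
  'https://mail.example/reset?token=abc123&lang=en',
  'https://news.example/articles/2016/08/pac?page=2',
  'https://bob:s3cret@files.example:8443/private/report.pdf',
];

// Names of query parameters in rawUrl that look like credentials.
function findSensitiveParams(rawUrl) {
  const names = new Set();
  for (const name of new URL(rawUrl).searchParams.keys()) {
    if (SENSITIVE_PARAM.test(name)) names.add(name);
  }
  return [...names];
}

// Reduce an https URL to scheme://host[:port]/ so path, query and
// userinfo are never exposed to the proxy decision.
function stripForProxyDecision(rawUrl) {
  const url = new URL(rawUrl);
  return url.protocol === 'https:' ? url.origin + '/' : url.href;
}

// Report every URL that carries credentials in its query string or userinfo.
function auditUrls(urls) {
  return urls
    .map((rawUrl) => {
      const url = new URL(rawUrl);
      return {
        url: rawUrl,
        sensitiveParams: findSensitiveParams(rawUrl),
        hasUserinfo: url.username !== '' || url.password !== '',
        proxySafe: stripForProxyDecision(rawUrl),
      };
    })
    .filter((r) => r.sensitiveParams.length > 0 || r.hasUserinfo);
}

console.log(auditUrls(SAMPLE_URLS));
```

Run it over the URLs in your own access logs or route definitions; anything it reports should move into a request body or header.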

The only way to truly be safe from exploits like this is to not connect to networks you cannot vouch for. If you’re in a coffee shop, verify that it offers Wi-Fi, and the network’s name, before connecting.

And even if an unsecured network is vouched for, assume that your information still might not be secure, even if you’re using HTTPS. Check out our guide to browsing the web privately, then set up a VPN or Tor to browse anonymously even on public networks. Even then, avoiding untrusted networks is probably the best bet.

Exploits like this prove that public Wi-Fi networks aren’t without risk, so take the time to inform yourself. It’s worth it.

Justin Pot
Former Digital Trends Contributor