Skip to main content

Newly discovered HTTPS flaw can expose supposedly secure URLs to wireless evesdropping

https vulnerability public wifi leak urls internet coffee shop
When you use HTTPS, the addresses you visit are supposed to be encrypted, regardless of what network you’re connected to. A newly discovered vulnerability proves that’s not necessarily true.

If you’re connected to an insecure wireless network, especially one that isn’t vouched for, HTTPS alone won’t protect you, security researchers Itzik Kotler and Amit Klein said this week in a talk at the Black Hat security conference in Las Vegas. With the right configuration, a malicious network could discover every supposedly protected URL you visited.

“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” says the talk’s description.

The vulnerability potentially affects Windows, Linux, and Mac computers regardless of browser: IE, Safari, and Chrome. But don’t panic about this affecting you at home, or at work. If you connect to a secure network, this doesn’t affect you. Instead, it’s something owners of supposedly free Wi-Fi networks could set up as part of a phishing operation.

It’s worth noting that the content of the sites you visit is not revealed by this vulnerability. But many sites put vital information, including usernames and even passwords, into URLs over HTTPS. It’s a bad security practice, but some developers assume that HTTPS protects information in such cases.

In other cases, even sharing the URLs you visit is too much information to give potential hackers.

The only way to truly be safe from exploits like this is to not connect to networks you cannot vouch for. If you’re in a coffee shop, verify that it offers Wi-Fi, and the network’s name, before connecting.

And even if an unsecured network is vouched for, assume that your information still might not be secure, even if you’re using HTTPS. Check out our guide to browsing the web privately, then set up a VPN or Tor to browse anonymously even on public networks. Even then, avoiding untrusted networks is probably the best bet.

Exploits like this prove that public Wi-Fi networks aren’t without risk, so take the time to inform yourself. It’s worth it.

Editors' Recommendations

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Despite serious security flaws, D-Link will (again) not patch some routers
modem vs router plugging in

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company's routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

"The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014," Naked Security reported. Though these are not current models in D-Link's portfolio, many of the listed models are still likely to be in use.

Read more
Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites
the fbi wants you to reboot your router insecure getty

Computer scientists at the University of California, Riverside, have discovered a security flaw that affects all Wi-Fi routers. Hackers could exploit the weakness in the transmission control protocol (TCP) and perform a web cache poisoning attack to steal passwords, login information, and other private data. Unfortunately, a fix isn't possible, as the vulnerability stems from a 20-year-old design based on TCP and Wi-Fi. To prevent hackers from using the exploit, researchers recommend that manufacturers build routers that operate on different frequencies for transmitting and receiving data.

Fortunately, this attack technique won't work with encrypted sites that use HTTPS and HSTS. Users on Ethernet connections are similarly not affected. Given that the attack won't work on encrypted sites, most users who browse the internet on a modern browser shouldn't be affected. Many browsers, including Google's Chrome, already warn users if they visit an unencrypted site.

Read more
Regular Wi-Fi can accurately detect bombs, chemicals, and weapons in bags
project fi travel trolley sjc get there early

For the last couple of decades, security measures in places like airports, schools, stadiums, and other public venues have continuously ramped up. X-ray machines, surveillance cameras, and bag searches have all become commonplace, but still concealed weapons, bombs, and explosive can slip through the cracks -- sometimes with tragically devastating effect.

Looking for a new way to help solve this problem, researchers from Rutgers University, Indiana University - Purdue University Indianapolis, and Binghamton University have found a fresh use for a technology that is ubiquitous in 2018: Ordinary Wi-Fi. Using this radio wave-based connectivity tool, they developed a new type of security screening system which is both low-cost and, potentially, life-saving. It works by detecting suspicious objects by leveraging the fine-grained channel state information (CSI) from off-the-shelf Wi-Fi, without needing to invade the user’s privacy by physically rifling through bags.

Read more