Skip to main content
  1. Home
  2. Computing
  3. News

Newly discovered HTTPS flaw can expose supposedly secure URLs to wireless evesdropping

By

When you use HTTPS, the addresses you visit are supposed to be encrypted, regardless of what network you’re connected to. A newly discovered vulnerability proves that’s not necessarily true.

If you’re connected to an insecure wireless network, especially one that isn’t vouched for, HTTPS alone won’t protect you, security researchers Itzik Kotler and Amit Klein said this week in a talk at the Black Hat security conference in Las Vegas. With the right configuration, a malicious network could discover every supposedly protected URL you visited.

Recommended Videos

“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” says the talk’s description.

Related

The vulnerability potentially affects Windows, Linux, and Mac computers regardless of browser: IE, Safari, and Chrome. But don’t panic about this affecting you at home, or at work. If you connect to a secure network, this doesn’t affect you. Instead, it’s something owners of supposedly free Wi-Fi networks could set up as part of a phishing operation.

It’s worth noting that the content of the sites you visit is not revealed by this vulnerability. But many sites put vital information, including usernames and even passwords, into URLs over HTTPS. It’s a bad security practice, but some developers assume that HTTPS protects information in such cases.

In other cases, even sharing the URLs you visit is too much information to give potential hackers.

The only way to truly be safe from exploits like this is to not connect to networks you cannot vouch for. If you’re in a coffee shop, verify that it offers Wi-Fi, and the network’s name, before connecting.

And even if an unsecured network is vouched for, assume that your information still might not be secure, even if you’re using HTTPS. Check out our guide to browsing the web privately, then set up a VPN or Tor to browse anonymously even on public networks. Even then, avoiding untrusted networks is probably the best bet.

Exploits like this prove that public Wi-Fi networks aren’t without risk, so take the time to inform yourself. It’s worth it.

Editors’ Recommendations

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
LG’s latest smart monitor can roll on wheels, but needs a power plug
LG Smart Monitor Swing press image

LG has come up with the Smart Monitor Swing, a unique mobile display that combines a 31.5-inch 4K UHD IPS touchscreen with a stand featuring built-in wheels. Designed for users who prioritize portability, the Swing is said to be a follow-up for LG’s StanbyME portable screen. 

Unlike the StanbyME, there is no built-in battery as the monitor comes with a dedicated power adapter, a questionable choice since one would be restricted by the length of the power cord itself.

Read more
Prices for these popular computer accessories are going up
MX Master 3S mouse

Logitech has bumped up prices by up to 25% on a bunch of its products, probably because of tariffs on stuff coming in from China. A video breakdown by Cameron Dougherty (via 9to5Mac) shows that around 51% of Logitech's lineup is feeling the impact, with an average price hike of about 14%.

For instance, the MX Master 3S mouse has increased by $20 to $119.99, the Pro X TKL keyboard shot up from $199.99 to $219.99, and the K400 Plus Wireless Touch keyboard is now $34.99 after a $7 increase (that’s a 25% jump!).

Read more
Best tech for new grads: From dorm to office
Sony WH-1000XM5 headphones seen in silver.

Graduation season is just around the corner, which means it's about time that you start thinking about the gifts you're going to get for new graduates. Some students will head into college and move into dorms, while some students are leaving that chapter behind and will instead find their way into an office. With those in mind, we've rounded up this list of offers featuring discounts for some of the best tech for new grads.

Anker 332 USB-C Hub -- $25 $35 29% off

Read more