
Apr 9 19

Why HTTPS alone won’t keep you safe on public Wi-Fi

Most websites now use HTTPS to encrypt your connection and add a layer of protection to your data. But if you are on public Wi-Fi, using HTTPS without a VPN means that some of your data will still be vulnerable.

HTTPS does not encrypt all of your data; DNS queries, for example, are sent outside the HTTPS connection. If you are using public Wi-Fi without a VPN, you are putting yourself at risk.

How does HTTPS work?

HTTPS uses the Transport Layer Security (TLS) protocol, which is primarily used to secure web browsing, data transfer, application access, and most internet-based communication. It provides privacy, integrity, and protection for the data that's transmitted between different nodes on the internet. A TLS connection is set up in the following steps:

  • To ensure the integrity of their connection, your browser and the Internet server initiate a “handshake” by sharing a public key.
  • Once the handshake is established, the server and browser negotiate private keys to encrypt your connection.
  • Each connection generates its own, unique private key, and the connection is encrypted before a single byte of data is transmitted.
  • Once the encryption is in place, intruders cannot monitor the data sent over the connection.

What is a DNS query?

The DNS system translates human-readable domain names into IP addresses. When a user tries to access a web address like “example.com,” their web browser or application performs a DNS query against a DNS server, supplying the hostname. The DNS server takes the hostname and resolves it into a numeric IP address, which the web browser can connect to.

Your DNS request is not encrypted. An intruder can observe your DNS queries and your DNS resolver’s responses. If you use public Wi-Fi without a VPN, this leads to the first attack you could suffer.

DNS Leak

A DNS leak is a network configuration issue that results in privacy loss: because your DNS queries are sent over insecure links, anyone can see the full list of websites and apps you use.

Your data could still be at risk even if there is no intruder because the resolver on the public Wi-Fi could harvest your data itself.
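To make the exposure concrete, the following added example (not part of the original article) encodes a standard DNS query in the RFC 1035 wire format and then recovers the hostname from the raw bytes, which is all a passive observer or the Wi-Fi's own resolver needs to do. The function names and the transaction ID are illustrative assumptions.

```python
import struct

def build_query(hostname, qtype=1, txid=0x1A2B):
    """Encode a plain DNS query as it travels over UDP port 53 (txid is arbitrary)."""
    # Header: ID, flags (recursion desired), 1 question, 0 answer/authority/additional
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is a length byte followed by the label's ASCII bytes
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE A, QCLASS IN

def observed_name(packet):
    """Recover the queried hostname from raw bytes; no key or secret is involved."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query carrying a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        if pos + 1 + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    packet = build_query("example.com")  # constructed sample, never sent anywhere
    print(packet.hex())
    print("hostname visible on the wire:", observed_name(packet))
```

The hostname sits in the packet as readable ASCII, so visiting an HTTPS site still reveals which site you asked for.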

DNS Spoofing

DNS spoofing occurs when a particular DNS server’s records are “spoofed”, or altered maliciously, to redirect traffic to the attacker. This redirection of traffic allows the attacker to spread malware, steal data, etc. For example, if a DNS record is spoofed, the attacker can redirect all the traffic that relied on the correct DNS record to a fake website that the attacker has created to resemble the real site, or to a different site completely.

The URL would be the same as the site you intended to visit, but the site would be under the control of the attacker. Modern browsers will generally alert users that they are on a website without HTTPS, and this attack won’t work for HTTPS sites that have a certificate.

Punycode

Punycode is a type of encoding used by web browsers to convert all the different Unicode characters (like ß, 竹, or Ж) into the limited character set (A-Z, 0-9) supported by the international domain name system. As an example, if a Chinese website used the domain “竹.com”, in Punycode, that would be represented by “xn--2uz.com”.

The intention is that the domain name registrant and the user will never see this encoded form of a domain name.

As a researcher’s example shows, a Punycode site can implement HTTPS and receive a valid certificate, making it very hard for you to detect that you are on a fake website.
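A defensive check for this, as an added example that is not part of the original article: decode each label of a hostname from its Punycode wire form and report which scripts its letters come from, so a lookalike can be spotted before it is trusted. The lookalike hostname is constructed in the code from "example" with one Cyrillic letter substituted; the function names are illustrative assumptions.

```python
import unicodedata

def decode_label(label):
    """Return the Unicode form of one DNS label; plain ASCII labels pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts of the letters in text, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_hostname(hostname):
    """Decode every label and record what a reader would see versus what is on the wire."""
    report = []
    for label in hostname.rstrip(".").split("."):
        try:
            shown = decode_label(label)
        except UnicodeError:
            report.append({"wire": label, "shown": None, "scripts": [],
                           "idn": True, "mixed": False, "invalid": True})
            continue
        found = scripts(shown)
        report.append({
            "wire": label,
            "shown": shown,
            "scripts": sorted(found),
            # idn: the displayed text differs from the ASCII wire form. A spoof
            # written entirely in one non-Latin script is not "mixed", so this
            # flag is the cue to show the xn-- form to the user.
            "idn": shown != label,
            # mixed: letters from more than one script inside a single label
            "mixed": len(found) > 1,
            "invalid": False,
        })
    return report

# Constructed sample: "example" with U+0430 (Cyrillic a) in place of Latin "a"
LOOKALIKE = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"

if __name__ == "__main__":
    for host in ("example.com", "xn--2uz.com", LOOKALIKE):
        for entry in inspect_hostname(host):
            print(host, entry)
```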

Use a VPN on public Wi-Fi

While there are several ways to protect yourself when using a Wi-Fi network, one way beats the rest – using a VPN. The most important thing you can do every time you connect is to use a VPN. A VPN encrypts your Internet connection to secure it and protect your privacy. When connecting with a VPN, no one – not the Internet service provider, the business/network owner nor any third-party hacker or snoop – can see the information you send over the network. When using Wi-Fi with a VPN your privacy and security are protected at all times.

Here’s what you get when you choose to protect your privacy with CASVPN:

  • Strong encryption is the first thing you want from your VPN. CASVPN secures your traffic with robust encryption, protecting your data from snoopers and hackers.
  • Even stronger encryption for the most security-focused. Use a secure VPN to encrypt your communications twice.
  • The ultimate freedom of choice. Pick any of the 150+ servers in over 57 countries to enjoy private and secure browsing.
  • Trusted security. CASVPN has been tested and endorsed by countless casual users and tech experts alike. As almost any CASVPN review will tell you, our VPN is dependable and effective.
  • Support for up to 5 devices. With one account, you can secure all of your devices or share it with your family members.
  • Easy setup. Simply download the app, set it up, pick a server and let CASVPN take care of the rest. Go ahead, try it now, and let us know how you like it.

CASVPN is a simple way to protect your Internet connection against these attacks. With a VPN service, you never have to use public Wi-Fi without a VPN again.