How Hackers Can Steal Your Passwords Over Wi-Fi And How to Stop Them
Still don’t use VPN service?
Did you know that a hacker could steal your passwords and personal information just by being on the same Wi-Fi network as you? All they need is a $20 piece of equipment and a little technical know-how, and then they can launch a man-in-the-middle attack.
Luckily, there’s a way to stop them. Watch as Samet teaches Natalie about the importance of using a VPN (virtual private network) when connected to public Wi-Fi.
In the video, Samet uses a $20 wireless adapter and a set of free penetration testing tools running on Kali Linux on a typical laptop to identify Natalie’s computer on the wireless network and listen to her traffic. That means he can see Natalie’s request to visit Hotmail, intercept it, and forward it on to Hotmail from his own computer, pretending to be Natalie.
Hotmail wants Natalie to use HTTPS, so it sends back the login page encrypted using SSL, but because Samet is the man-in-the-middle, he can “strip” (i.e., remove) the SSL before forwarding it to Natalie. Natalie doesn’t know it, but when she types in her password and hits “Sign in,” she’s sending it in clear text straight to Samet. Samet adds back the SSL encryption before forwarding it on to Hotmail—and no one is the wiser.
In the second half of the video, Natalie connects to the secure ExpressVPN server in New York before logging into Hotmail. All her traffic is now sent through a private, encrypted tunnel instead of the public network Samet is listening on.
Now, none of Natalie’s traffic is visible to Samet, not even the initial request to Hotmail that he previously used to initiate the SSL strip. The attack running on Samet’s machine is stuck at a listening screen, waiting for traffic that will never come.
At this point, a more malicious hacker would probably move on to another victim on the network who wasn’t using VPN service!
*Be sure to read our review about one of the best VPN providers in the market: Express VPN.