Question VPN vs MITM attacks?

Status
Not open for further replies.
Apr 25, 2022
I'm thinking of something like a man-in-the-middle attack.

Say I'm at some coffee shop (or a hotel) and want to use their WiFi but then access the VPN. I connect to CoffeeWiFi thinking it's the coffee shop's WiFi. But in reality, it's a router set up by Joe Hacker. Even if I were to make sure that I'm always connecting to a WiFi that is password protected, if the owner of that WiFi gives the PW out to other customers, all Joe Hacker has to do is set up his own router with the same SSID and password. Then it will appear that I'm connected to the correct WiFi.

Now after accessing WiFi, I attempt to connect to my VPN. I've just given the VPN address. The hacker could intercept my connection attempt then make his own connection (programmatically of course). When I provide authentication info thinking I'm talking to my server, I've just given that to Joe. He then passes that on to the VPN server but stores a copy for his own use. From then on he routes all the traffic to me from the VPN and vice versa.

Can the VPN prevent this?
 
A VPN creates an encrypted tunnel. The only thing that this hypothetical cracker sees is the connecting address and perhaps the endpoint address. The traffic is encrypted and cannot (without a GREAT deal of effort) be read. (That's the extremely simplified explanation.)
 
It depends on the VPN service. Many do not use simple passwords that they pass in the clear. Most are based on a variant of SSL or something like IPsec. Neither actually passes the keys over the connection, so it would be impossible to do man in the middle. Even WiFi works this way: it does not use the preshared key for the actual data encryption, only to build the session keys. If you do not know these keys to begin with, you will not be able to really intercept the data. I know some VPN services are using public certificates like HTTPS to prevent man in the middle.

In addition, a VPN is not really needed as much as when you used to hear of people hijacking Facebook sessions. HTTPS has pretty much put an end to that ability since it is now encrypted end to end. Almost every site is now using HTTPS, and you can now even encrypt the DNS, which was the other way they used to spy on or try to intercept traffic.
 
Apr 25, 2022
Oh. I thought that when my device contacted the VPN url, my device would have to send credentials to login and I thought the router could see THAT data.
 
Oh. I thought that when my device contacted the VPN url, my device would have to send credentials to login and I thought the router could see THAT data.
I think most VPNs use one of the forms of TLS authentication to do this. This uses things like certificates to prevent replay and man-in-the-middle attacks.

Even before this method, they used to use things like one-way encrypted keys so the data that is sent cannot ever be reversed into the password. The far end, when it receives this, reads the real password out of its storage and then uses the same one-way encryption to verify it. There are other tricks used to prevent someone from just capturing and resending that one-way encrypted string.

This may all be new stuff to you, but the people designing these systems know all about man-in-the-middle attacks. It has been many, many years since you could really do stuff like that.
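The challenge-response and session-key ideas described in the replies above, as an added example that is not part of the original thread. It is a simplified HMAC-based sketch rather than any specific VPN's handshake; the `Server` class, function names and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def prove(secret: bytes, challenge: bytes) -> bytes:
    """One-way response: shows knowledge of the secret without sending it."""
    return hmac.new(secret, b"auth|" + challenge, hashlib.sha256).digest()

def session_key(secret: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Per-session key mixed from the secret and both nonces; never transmitted."""
    return hmac.new(secret, b"key|" + client_nonce + server_nonce, hashlib.sha256).digest()

class Server:  # hypothetical VPN endpoint holding the stored secret
    def __init__(self, secret: bytes):
        self._secret = secret
        self._challenge = None

    def challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)  # fresh for every login attempt
        return self._challenge

    def verify(self, response: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # each challenge is single use
        if challenge is None:
            return False
        return hmac.compare_digest(response, prove(self._secret, challenge))

def demo() -> dict:
    secret = b"constructed-shared-secret"  # sample value known to client and server only
    server = Server(secret)

    # Legitimate login; assume the rogue access point records everything sent.
    first = server.challenge()
    recorded = prove(secret, first)
    login_ok = server.verify(recorded)

    # Resending the recorded response fails: the server has issued a new challenge.
    server.challenge()
    replay_ok = server.verify(recorded)

    # Both ends derive the same traffic key; an observer who sees the nonces
    # but lacks the secret (here: a wrong guess) derives a different one.
    c_nonce, s_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    client_key = session_key(secret, c_nonce, s_nonce)
    server_key = session_key(secret, c_nonce, s_nonce)
    observer_key = session_key(b"wrong-guess", c_nonce, s_nonce)
    return {"login_ok": login_ok, "replay_ok": replay_ok,
            "keys_match": client_key == server_key,
            "observer_has_key": observer_key == client_key}
```

Calling `demo()` returns the outcome of the legitimate login, the replayed login, and the key comparison.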
 
Apr 25, 2022
I'm not new to the concept and wasn't trying to claim to have found a new security risk. It was a concern that I hoped/assumed had been addressed, and I wanted to learn how.
 

Old Molases

May 3, 2021
You do not give out your real IP address here. When using a VPN, you are assigned a virtual IP address and all your communication is encrypted. Also, VPNs now use a multi-hop protocol, which makes it nearly impossible for them to hack you.
 