[Q] How to best protect yourself on public wifi? - Android Q&A, Help & Troubleshooting

I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!

typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
On a public wifi all data you do is unencrypted, the only way to protect it, is doing some encrypting yourself.
On the apps that support it you should enable SSL encrpytion, that way, only your device and the receiving service can parse whats going on.
Not all apps support this, so if you come over an app that doesnt, but is really afraid of someone taking it, you need to do some more advanced stuff, and take use of a VPN.
This applies to both laptops and phones, but ssl support is usually less used on laptops

typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.

SachinShekhar said:
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
Click to expand...
Click to collapse
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?

Personally, I use OpenVPN. I would recommend using TUN, and at least 128 AES encryption. You need to have an always on internet connection somewhere. You set up a server there (dedicated computer, or buy a $40 linksys router and flash with dd-wrt or tomato vpn) and use a dynamic dns service to forward to that server's IP (such as DynDNS).
Most of that information is available on google.
You can find the OpenVPN HOWTO here:
openvpn.net/howto.html
Yes, as mentioned it is fairly complex, however worth the payoff in security in my opinion.
Hope that helps.
Tom

I appreciate the responses, but I think you're missing my point.
I'm talking about joining public wifi. Not a wifi spot where I can manage their server settings.

Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom

tomg09 said:
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
Click to expand...
Click to collapse
Thank you !
Sent from my EVO using xda premium

typhoonikan said:
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Click to expand...
Click to collapse
Server will be your own outside public wifi. It may reside in your home. Or, you may purchase a VPS from Linode, RackSpace etc.
The concept: Your Android device will create an encrypted SSH tunnel to server at home... all over insecure wifi network. If a black hat guy traps your traffic in the middle, he will not get usable data from that because of encrypted tunnel.

Related

Webserver using mobile connection

I have never got any app that hosts web page to work when I'm using mobile connection.
Wlan connection always works and another users seem to get it working using mobile connection.
Same problem with all ROMs that I have used. How to fix?
Mehumummo said:
I have never got any app that hosts web page to work when I'm using mobile connection.
Wlan connection always works and another users seem to get it working using mobile connection.
Same problem with all ROMs that I have used. How to fix?
Click to expand...
Click to collapse
Ummm. What network are you on? Remember most networks use NAT so save IP addresses. So your web server might only work for other users on the same subnet of your provider.
A phone isn't an ideal server. Can't you spend $1 or so per month on shared hosting on a server somewhere?
This is why it works on WiFI, as you have a dedicated IP address.
How can an incoming connection to 155.55.55.55 (for example, which covers all your network's users) know to direct an incoming port 80 (web) request to your phone? As opposed to the many other people that would try this?
I think Vodafone UK gives individual Ips though, so you could switch provider if it matters
anon2122 said:
Ummm. What network are you on? Remember most networks use NAT so save IP addresses. So your web server might only work for other users on the same subnet of your provider.
A phone isn't an ideal server. Can't you spend $1 or so per month on shared hosting on a server somewhere?
This is why it works on WiFI, as you have a dedicated IP address.
How can an incoming connection to 155.55.55.55 (for example, which covers all your network's users) know to direct an incoming port 80 (web) request to your phone? As opposed to the many other people that would try this?
I think Vodafone UK gives individual Ips though, so you could switch provider if it matters
Click to expand...
Click to collapse
I do know what NAT is (as it always ruins everything). I was not aware that mobile connection uses NAT as I imagined that operators doesn't put their users under same ip.
I'm not hosting something that any server could, mostly access to my phone:
files, sms, remote usage etc.
So there is no way but change operator?
Mehumummo said:
I do know what NAT is (as it always ruins everything). I was not aware that mobile connection uses NAT as I imagined that operators doesn't put their users under same ip.
I'm not hosting something that any server could, mostly access to my phone:
files, sms, remote usage etc.
So there is no way but change operator?
Click to expand...
Click to collapse
T-mobile definitely uses nat, as I have tried to ssh into my phone etc. I needed to make a listen server and dial into it from the phone.
So what you are doing needs a unique ip or upnp support (which I doubt android can do). But also it needs an isp that don't block ports or anything.
We use vodafone sims for remotely connecting to remote wind farms, as it allows incoming radmin connections.
anon2122 said:
So what you are doing needs a unique ip or upnp support (which I doubt android can do).
Click to expand...
Click to collapse
I guess that no operator supports UPnP/IGD to poke holes in their NAT.
If it's only for transferring files, SwiFTP supports a proxy server that is provided by the author. SwiFTP doesn't support SSL, and I don't think that I would want to send the plain text password to my phone over the Internet.
Another possibility is a VPN from the phone to the PC or router. Than you can start a server like kWS, Android Desktop, PAW Server, I-Jetty, WebFileSystem, etc.
VPN sounds good, gonna try when I get to home.
I can get connection using vpn.
However if there are no connection for short time or phone is restarted then vpn connection goes away.
I would like it to reconnect asap but it isn't meant to be that way :/
Couldn't find anything to reconnect vpn.
I didn't try the built-in VPNs (Android 2.1), but it works fine with OpenVPN: even when changing from Wifi to 3G it reconnects after a few seconds. You need root for OpenVPN AFAIK. It works great with VillainROM 12 which comes with OpenVPN. There's a guide at the VillainROM forums.
Thanks got it working
Lol huge decrease to battery life, suppose you don't have any hints for that?

Android proxy server + Wi-Fi AP?

So I'm trying to do some research in the server requests and responses of some apps I work with, and for various reasons need a hotspot because of incompatibility with a corporate proxy.
Are there any apps that can decode/record web traffic as it's passed to AP clients through Wi-Fi tether?
I certainly recognize the possibility for espionage / inherent security concerns, but they have similar apps for desktops like "Charles proxy" or "fiddler" to do research in packet analysis.
I googled a little, but most examples were from the 2.2-2.3 days, and didn't seem updated at all.
Thanks!
Hi,
Maybe SandroProxy will help you out.
https://play.google.com/store/apps/details?id=org.sandroproxy
Not sure about working on wifi thether...
Mix3d said:
So I'm trying to do some research in the server requests and responses of some apps I work with, and for various reasons need a hotspot because of incompatibility with a corporate proxy.
Are there any apps that can decode/record web traffic as it's passed to AP clients through Wi-Fi tether?
I certainly recognize the possibility for espionage / inherent security concerns, but they have similar apps for desktops like "Charles proxy" or "fiddler" to do research in packet analysis.
I googled a little, but most examples were from the 2.2-2.3 days, and didn't seem updated at all.
Thanks!
Click to expand...
Click to collapse
SandroBSupp said:
Hi,
Maybe SandroProxy will help you out.
https://play.google.com/store/apps/details?id=org.sandroproxy
Not sure about working on wifi thether...
Click to expand...
Click to collapse
Yeah, that's the wrong type of proxy. I need the *phone* to act as the proxy, or at least decrypt ssl traffic between the phone and tethered device; this one is more of a "hide my traffic" proxy between the phone and the internet.
But this is exactly what SandroProxy do. It acts as local proxy accepting requests.
For SSL you need also to use Menu->Export CA to store.
It can also connect to your corporate proxy (basic/digest/ntlm) so you do not need to use thether mode.
http://forum.xda-developers.com/showthread.php?t=1737138
Mix3d said:
Yeah, that's the wrong type of proxy. I need the *phone* to act as the proxy, or at least decrypt ssl traffic between the phone and tethered device; this one is more of a "hide my traffic" proxy between the phone and the internet.
Click to expand...
Click to collapse
You're totally right. Just tried it out and it's working splendidly.
You the man!

[Q] VPN On phone worth it ?

I was trolling thru the settings and saw there's a built in VPN that can be used is it worth it or is this one that Verizon has control over and would just hand over your info to the mafiaa anyway ? Anyone know more about this or have you used it yet ?
It's just a remote access client. Stock Android comes with one, which you can still use here, LG has provided a more advanced one that has better compatibility with more advanced forms of IPSec encryption, haven't really played with it to see what else it does.
I highly doubt that Verizon has instructed LG to intentionally compromise the security of their VPN client, the legal ramifications alone would make this a very foolish decision, even for Big Red. The security of the traffic sent over the tunnel depends on what type of encryption was used, and we can't currently be positive that there is a type of encryption out there the NSA can't crack, they don't need Verizon's help to do so.
What type of VPN are you trying to connect to? If this is corporate or educational the security of the traffic isn't your responsibility anyway.
I just use the stock Android on. I have been using it for years so I stuck with it. I played with the LG one but for what I need, the stock is all I need. I use it to stream movies to me phone from my home server and I can access my drives.
Sent from my VZW LG G3 (tapatalk)
I never used it before and all I would need it for would be the occasional stream when Netflix don't have something. So I guess the LG one would work just fine. I didn't know much about there VPN being on he in the first place or android. So thanx I leaned a bit tonight. ?
And ya I know all about if the nsa wants you they'll get you lol. Which is why I won't even step near anything like Expendables. Lions gate is like a pack of wild dogs going after people right now. ?
Given the actions of our Broadband and Cellular companies over the last few years, i have decided i wont use my computer and phone without a VPN. They have no right snooping.
I use VYPRVPN and i have tried many Vpn services over the last 2 years. VyprVpn seems to be the best bang for the Buck and the have the fastest speeds and a large amount of servers. Two things that separate Vypr from all the other VPN services is they use their own proprietary Protocol called Chameleon Protocol which is built on top of OpenVPN. It adds another 256bit layer of encryption on top of OpenVpns 256bit encryption and keeps our ISP's from knowing if were are using a VPN at all. The other added Benefit is they use their own DNS servers and detect and prevent DNS leakage also built in kill switches for in case you loose your VPN connection for what ever reason it will disable your internet all together to keep whatever you were working on from leaking out for prying eyes. They do minimal logging. They would prefer you not to do any torrenting but they dont block you from torrenting. But if you are someone who likes to torrent then use a server outside the US that doesn't have strict piracy laws.
Like i said i have used many VPN services and VyprVPN is by far the best ive ever used. There are tons of perks that others cant come close to offering. I have the premier plan and its worth it.
YES VPN IS WORTH IT. Anonymity is a must for me and should be for everyone else. What i do with my connection is none of anyone else's business. Especially since i pay a buttload of money to have internet. Hope that helps.
jmotyka said:
YES VPN IS WORTH IT. Anonymity is a must for me and should be for everyone else. What i do with my connection is none of anyone else's business. Especially since i pay a buttload of money to have internet. Hope that helps.
Click to expand...
Click to collapse
My ISP (Sonic.net) allows VPN if you have a valid account.
The LG VPN works fine. Still getting LTE speeds through their backbone.
I guess I'll keep VPN enable permanently.
Sounds good. Now to learn how to use it properly lol. But ya my thoughts exactly no one needs to see what I have on my connection but me. And with all the snooping going on and intrusive adds grabbing info to see what sites you visit just to send you relevant adds (cough cough ) it's a great idea.
Most routers support VPN so its free to setup and easy to do
Sent from my VZW LG G3 (tapatalk)
Hi all. Trying to get the lg VPN going but I've only ever set one up for my home comps n they basica9did everything for you. One click setup so to speak.
I got to name the VPN then it asks for the ip address but is that my ip or the one I want it to show (masked) ?gotta admit I don't know much bout this lol thanx in advance guys .
VPN on Android
VPN on Android has kind of been a sore subject since KitKat. I used to connect to L2TP on Mac OS X Server (snow leopard) from my phones as far back as Gingerbread, but with KitKat, L2TP became incompatible with Apple's implementation. That being said, PPTP works fine although being slightly less secure than L2TP. Android connects just fine to my Ubuntu Server PPTP, but no matter what I do I can not get get OpenSwan (Linux L2TP) to work outside my local LAN. Considering I have the EXACT same problem with OS X L2TP over the Internet but iOS devices can still manage to "phone home" to my L2TP server, I'm sure has something to do with my ISP considering L2TP an "enterprise" application and blocking my traffic, but iOS devices use some form of non-standard/undocumented L2TP.
I use VPN all the time for the simple fact that it provides a secure tunnel back home so I can grab files off my server, etc. Not only that, but it's a good way to provide at least some security when using public wifi. The thought of using public wifi without VPN gives me chills. It is disappointing that Android has deemed PPTP not secure enough to enable "always on vpn", which would tunnel 100% of your data through your VPN whenever a data connection (4G or WiFi) are available.

No VPN sorry no WiFi

Hi there,
I am building a home router on some decent pc hardware. I do this only to have a router with enough power to support decent encrypted vpn connections.
What I need to know is the following.
Is there a way to let an android device connect to WiFi -only- if the vpn is working?
This is tricky I guess. There has to be a WiFi connection otherwise the device cannot contact a vpn server.
But the point is that I don't want my users (wife and to lovely boys aging three and five) to connect to the Internet (via wifi) without any decent encryption.
I don't want to use a vpn service. I do this at home with the power router I build.
If I must pay for an app that does this than please suggest that. I love to pay for a good app that does what I want.
Any thoughts or suggestions?
Many thanks,
Sebastiaan.
You could use Tasker to kill their mobile data at home (depending on the phone, ROM, root, etc,) and then if the *only* Wi-Fi hotspots configured on the phones are the VPN-enabled ones, then you should be fine.
At my house, I use an Asus router with VPN Fusion. I set up my Surfshark once in the core, and my entire mesh has VPN. I just go to a page to tag each device, or set default to whatever VPN I want. Some of them go to another site I use in a different state, and some use Surfshark. If my mobile data was off, I'd be totally disconnected from the evils of the internet.
Also recommend using something like Blokada, and ensure you have always-on VPN set to either that, or another service. You can definitely set it so Android pulls that up on boot. That being said, in the case of rebooting the phone away from home, I'd imagine there's some period of time that the stuff on your device could hit the regular internet. That's where something like Blokada comes in handy. I use it to block as many google servers as I can, while still having some of those apps still work to some degree.
Depending how crazy you want to get with this, you could set a static DNS on the phone that only works when the VPN tunnel is established. There are many ways to skin this cat.
sebastiaankop said:
Hi there,
I am building a home router on some decent pc hardware. I do this only to have a router with enough power to support decent encrypted vpn connections.
What I need to know is the following.
Is there a way to let an android device connect to WiFi -only- if the vpn is working?
This is tricky I guess. There has to be a WiFi connection otherwise the device cannot contact a vpn server.
But the point is that I don't want my users (wife and to lovely boys aging three and five) to connect to the Internet (via wifi) without any decent encryption.
I don't want to use a vpn service. I do this at home with the power router I build.
If I must pay for an app that does this than please suggest that. I love to pay for a good app that does what I want.
Any thoughts or suggestions?
Many thanks,
Sebastiaan.
Click to expand...
Click to collapse
Why don't you just change the dns in the router
The Ultimate Guide to Changing Your DNS Server
There are many reasons you might want to use a third-party DNS server, from parental controls and security features to speed and reliability improvements. You can change the DNS server for your entire home network on your router, or set it individually on a PC, Mac, iPhone, iPad, Android device...
www.howtogeek.com

vpn server on android mobile

hello lads, I am interested in making Android application that can be use as VPN server, any tips where I can start from ? Is it possible ? I have not see any good topic about this in net
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Its definitely possible but you'll have to likely root the phone first.
I turned a rooted Android phone into a VPN server by using the Linux Deploy app and UNIX tools "busy box app" then running CentOS on Linux Deploy. I installed SoftEther VPN Server on CentOS through SSH on the phone.
I wrote about it in a forum. If you google "Turn a flashed to verizon phone into vpn server" it will come up in Aspkin forum and you can see me work through it.
This way is 100% free and SoftEther will tunnel straight through a firewall using port 443 unlike any paid app so you can leave the phone hidden anywhere connected to WiFi and as long as you use SoftEther Client and the DNS host name to connect to the server. It wont work if you use a openVPN or L2TP/IPsec client without opening ports on the router of the wifi connection, or the server IP address (which would be a local ip if connected to wifi hidden somewhere).
Click to expand...
Click to collapse
James_Watson said:
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Click to expand...
Click to collapse
Thank you for your reply. I just want to make a VPN server that uses a mobile network and accepts connection from 1 device(concurrent or load capacity or encryption does not matter). It is a small part of my application and not for commercial use. so, everything is possible, to root a device or another way to do my goal.

Categories

Resources