Quote:
Originally Posted by haertig
You're right. As I understand this vulnerability, it is eavesdropping only. Not a way to gain unauthorized access (login) to a WiFi network.
All my sensitive stuff is on the laptop itself, and that would be protected by the VPN. The devices that connect to the second WiFi hotspot are things like my Roku, Kindle eReader, etc., that don't contain sensitive stuff. The Kindle Fire could potentially have sensitive info on it, but that device can initiate it's own VPN if needed, thus protected. If someone eavesdrops on an eBook being downloaded to my eReader or a movie being streamed to my Roku, that doesn't bother me. Although, part of the Kindle eReader connection process might include transmitting a login/password or some other sensitive credentials. I would guess that the Kindle might transmit this "in the clear", although it shouldn't. If these credentials are not encrypted on the Kindle itself, then there is your security hole again - front and center.
Maybe I should build myself a Faraday cage to crawl into so I can cloak myself when reading eBooks!
|
The Kindle (what you call an e-reader) uses encryption independent of the transmission media.
Run WireShark on your laptop, and while displaying the connections from the Kindle, press "store" to go shopping.
Or search ...
or ...
Its only 2048 bit RSA, so let me know when you break that and we can put up more specific directions than:
"Don't worry about it."