Quote:
Originally Posted by ownedbycats
Idea: Partner with eReader vendors. Instead of plugging your device into a strange kiosk (security risk and inconvenient), have the kiosk instead provide a voucher code which can be inputted into the reader (or reader app on the smartphone) and download to the device over a provided wifi connection.
|
You'd have to trust the shop that the WiFi isn't malicious. Man in the Middle attacks on HTTPS do work. Only a VPN is safe.
Sadly even democratic countries have used "fake" cell/mobile sites (they are portable and the mast bit can be remote and about shoe-box size) without even a warrant to do MiM attacks. It's certainly a lot more costly to have a malicious mobile/Cell base station than WiFi airpoint, but affordable even for a rich individual or criminal organisation.
Copper based phone, fax and even xDSL is easily "listened to". A MiM attack on xDSL isn't hard. Pretty hard on DOCSIS 2.x or 3.x cable (insider "attack" with permission of ISP or an edge router in ISP with a backdoor is the way to do cable internet. I'm not sure about gpon fibre to the home as I've not been involved with designing stuff for that.