How does hacking through WiFi really works? We know that data can be stolen but what are the hackers actually seeing on their screen that have access to our information?
In: Technology
When you go to a website, you send a request to a server for information. For example, when you go to [Google.com](https://Google.com), you send Google’s server a request asking for their homepage. Their server sends that information back to you, and your web browser formats it correctly.
>[192.168.0.3](https://192.168.0.3) wants to access [google.com](https://google.com); please send the homepage code.
When you log in to a website, like your bank, you have to send some extra information to the server so that it knows who you are. That’s usually your username and password. When it’s not encrypted, that information is sent in plain text, right alongside of the website that you’re trying to get to.
>[192.168.0.3](https://192.168.0.3) wants to access [bank.example.com](https://bank.example.com), their username is [[email protected]](mailto:[email protected]) and their password is hunter2; please send the transaction list.
Once you’ve told the server who you are, they sometimes send back a session key; this is similar to a coat check. When you go to the website later, you don’t have to give your username and password again – you just give your coat check, and they can identify you from that. That keeps you from having to send the password repeatedly, and saves the server from having to re-authenticate you every time. However, just like in real life, if that coat check gets stolen, anyone can pick up your coat (your data) with it.
On a public wireless network, anyone else can scan the network for these requests, and they’ll see [every “packet” of information being sent over the network](https://jvns.ca/images/wireshark_screenshot.png). From there, they can search the stream of data for patterns, such as looking for e-mail addresses. They can then see your password in the same request, and voila – they have your information.
If you’re interested in how encryption works, I’d highly suggest [this video](https://www.youtube.com/watch?v=3QnD2c4Xovk) which explains the protocol really well and in an easy to understand way.
**Edit:** It looks like I removed the part about encryption while I was editing my comment last night. Encrypting these requests is incredibly easy nowadays, so most websites will encrypt the data that you send it and the data that it sends you. It’s explained better in that video I linked above, but you and the server basically agree on a shared secret phrase that people scanning the network can’t figure out. That way, only you can see the data that you’re being sent and only they can see the data that they’re being sent.
Latest Answers