HTTPS May Be Not as Safe as You Think3 min read
Your every web step from email correspondence to online shopping must be kept out of cyber criminals’ hands. Unless you are a tech-savvy person, your knowledge won’t be enough to protect own web privacy. That is why developers take care of it and offer us different encryption methods which are applied in data transfer systems. Most of us strongly believe that sites with HTTPS protocols represent one of these methods. However, it would appear that there is an attack which may break your online protection and allow scammers to spy on you. The issue of safety while surfing the web seems extremely important to bring it to the light. In view of this, we begin a brief dive down the rabbit hole of HTTPS to describe you what is really going on and how online security works.
What is HTTPS?
HTTPS, or Hyper Text Transport Protocol Secure, ensures a secure communication between a client and a server that encrypts and decrypts their requests and responses on the website. If the URL bar shows , it means that you currently use a protected version of the connection. The letter “s” in the end makes the difference between HTTP and HTTPS and points out that the website is talking to your browser in a secure code. Look at a clear visualization of this distinction below:
You may think that the websites with the magic “s” will protect you from all online threats, such as prying eyes, scam artists, and snoopers. However, as we have already mentioned, the sad reality is that anyone with specific skills about how this supposedly “secure” communication actually works can gain access to your personal data. Let’s figure out where this flaw comes from.
Breaking the stereotype that HTTPS does not allow hackers to snoop your browsing habits
Actually, it’s not easy for hackers to eavesdrop on users’ online activity which is protected by the HTTPS. But they commonly use a so called man-in-the-middle attack (MITM) for this purpose. In this case, scammers may send you phishing emails which will lead you to fake sites. The danger lies in a fact that users can’t distinguish such false pages from real ones. Thus, they input their sensitive data, such as address or credit card number, not suspecting any harm. For example, Ebay users greatly suffered from this attack in 2014.
Another case is an outdated version of TLS or SSL (complex protocols with a million of configurations, versions, and features which provide encryption in transit). It is a reason of some bugs that hackers may use to decrypt communications. For instance, the Heartbleed bug exploits an outdated version of SSL which allows attackers to read some part of the affected server’s memory, revealing users’ data.
An outdated protocol is a new threat to worry about
As we figured out, the HTTPS normally prevents tracking the URL’s which users visit. But the researchers have found a new technique to bypass the HTTPS encryption. This exploit banks on the Web Proxy Auto Discovery, or WPAD (a protocol which allows a client to automatically locate cache services on the internet in order to get information more quickly). Despite the fact it is considered as outdated, browsers continue to support the WPAD and thereby giving hackers an opportunity to get around the HTTPS.
Keep safety in mind when surfing the web
Probably, no one will argue with the statement that data is a new currency in the modern tech-savvy world. That is why new ways to get your personal information are constantly emerging and to catch all these scam tricks to kidnap your private data is simply impossible. But you don’t need to do this! At KeepSolid, we’ve long taken this responsibility and can claim that your online activity remains private with our top-notch VPN Unlimited. Trust us your sensitive data because we will encrypt it all along its entire journey through the cyberspace.
Download VPN Unlimited to find yourself well-defended with a higher level of online protection.