NetTalk Central

Author Topic: WiFi traffic encryption  (Read 8171 times)

Wolfgang Orth

WiFi traffic encryption
« on: February 07, 2016, 12:00:55 PM »
Hello all!

Is the traffic between a client and a HTTP-server within a WPA2-secured WLAN sniffable from the outside?

Explanation: I work on a new project with ESP ( http://www.arduinesp.com/ ).

Such an ESP can be a client, as it also can be a server. However, I am not sure yet if such a server can be convinced to use HTTPS.

My question is: Can the http-traffic between client and server inside a WLAN be sniffed from the outside, when the router is using WPA2?

Our intention is to install a segregated WLAN, which will contain only some ESP devices and at least one dedicated PC. Those ESP ought not to be reached from anyone outside the WLAN. Only the PC (running a Nettalk Webserver, likely using https) will be accessible from the outer world via portforwarding. The question is about security inside that WLAN.

I tend to say that an attacker can record the WiFi-traffic, but has to break the WPA2 key to read the contents. In other words, it's more or less secure to have unencrypted traffic inside this segregated WLAN.

The data is only about temperature, humidity and that like, but here in Germany we have strict privacy laws, so I better plan ahead.

Thanks for any input,
Wolfgang

Flint G

Re: WiFi traffic encryption
« Reply #1 on: February 09, 2016, 10:27:04 AM »
Wolfgang,

Based on a cursory search, yes, WPA2 does mean the air traffic is encrypted between radios: https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

With a sufficiently large and random key, you can make it very difficult to crack the encryption outright.  More appealing would be to attack other components of the network, such as the router itself, or the thermostat you're interfacing with.  All bets are off if someone can gain physical access to any device on the network. 

Do the simple things: use a large and random key, disable WPS, use MAC address whitelists, disable SSID broadcasting, etc.

Flint
NetTalk: 12.26
Clarion: 9.1.11529
Brave: 1.31.88
Chrome: 95.0.4638.69
Edge: 95.0.1020.44
ExtJS: 7.0.0.156
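An added worked example, not code from this thread, from NetTalk or from the ESP project, showing what WPA2-PSK does and does not protect in the setup described above. It follows the IEEE 802.11i key derivation: the passphrase and SSID are stretched with PBKDF2 into the PSK (which under WPA2-PSK is the PMK every station shares), and each station's per-session keys are then derived from the PMK plus values that the 4-way handshake sends in the clear (both MAC addresses and both nonces). Two consequences that the replies do not spell out: anyone who knows the passphrase and records a station's handshake can compute that station's traffic key and read its plaintext HTTP, and anyone who records a handshake can guess the passphrase offline at one PBKDF2 run per guess, which is why a long random key matters far more than a hidden SSID (the SSID is visible in every association request) or a MAC whitelist (MACs are visible in every frame). The SSID, passphrase, MAC addresses, nonces and the stand-in handshake message bytes are all constructed for the example; the "password"/"IEEE" PSK value used to check the derivation is the published 802.11i test vector.

```python
"""Added example (not code from the thread): what WPA2-PSK actually protects.
The passphrase, SSID, MAC addresses, nonces and handshake bytes below are all
constructed for illustration; the key-derivation steps follow IEEE 802.11i."""
import hashlib
import hmac


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output.
    Under WPA2-PSK this is the PMK, and every station on the WLAN shares it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Pairwise Transient Key for WPA2-CCMP (48 bytes). Apart from the PMK, every
    input is transmitted in the clear during the 4-way handshake."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16],     # confirms handshake messages (MIC)
            "kek": ptk[16:32],   # wraps the group key in message 3
            "tk": ptk[32:48]}    # CCMP key that encrypts this station's data frames


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """MIC for key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def offline_guess(ssid, aa, spa, anonce, snonce, msg2, mic, candidates):
    """What a sniffer does with a captured handshake: one PBKDF2 run per candidate
    passphrase, then a MIC compare. A hidden SSID does not slow this down, because
    the SSID is visible in the station's association request anyway."""
    for guess in candidates:
        kck = derive_ptk(psk_from_passphrase(guess, ssid), aa, spa, anonce, snonce)["kck"]
        if hmac.compare_digest(eapol_mic(kck, msg2), mic):
            return guess
    return None


def demo() -> dict:
    ssid, passphrase = "esp-lab", "correct horse battery staple"   # constructed
    pmk = psk_from_passphrase(passphrase, ssid)
    # Constructed locally administered MAC addresses: the AP and two ESP stations.
    ap, esp1, esp2 = (bytes.fromhex(h) for h in ("020000000001", "020000000010", "020000000020"))
    # Real nonces are random per handshake; fixed here so the run is reproducible.
    a1, s1 = bytes(range(32)), bytes(range(32, 64))
    a2, s2 = bytes(range(64, 96)), bytes(range(96, 128))

    tk1 = derive_ptk(pmk, ap, esp1, a1, s1)["tk"]
    tk2 = derive_ptk(pmk, ap, esp2, a2, s2)["tk"]
    # A sniffer holding the PSK and esp1's handshake gets esp1's TK; argument order is irrelevant.
    tk_sniffer = derive_ptk(pmk, esp1, ap, s1, a1)["tk"]

    # Constructed stand-in for EAPOL-Key message 2 with its MIC field zeroed
    # (not a byte-accurate frame; enough to show the guess-and-verify loop).
    msg2 = b"\x02\x03\x00\x5f\x02\x01\x0a" + s1 + bytes(16)
    mic = eapol_mic(derive_ptk(pmk, ap, esp1, a1, s1)["kck"], msg2)
    recovered = offline_guess(ssid, ap, esp1, a1, s1, msg2, mic,
                              ["password", "12345678", passphrase, "letmein1"])
    return {"stations_get_different_tks": tk1 != tk2,
            "sniffer_with_psk_gets_tk": tk_sniffer == tk1,
            "recovered_passphrase": recovered}


if __name__ == "__main__":
    print(demo())
```

The practical reading for the setup in the question: plaintext HTTP between the ESP devices and the PC is hidden from outsiders exactly as long as the PSK is, and from nobody who holds it. A long random passphrase makes the offline guess loop above infeasible, but it does nothing against a device on the same WLAN (or a former owner of the key), which is the case where end-to-end HTTPS between the ESP and the PC would still matter.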