Jump to content

Security when using phone as WiFi Hotspot

EggyRepublic
 Share
Posted

Basically, I had this setup:

 

1) phone connected to NordVPN

2) a WiFi hotspot on my phone using netshare from Play Store

3) laptop (Windows 10) connected to phone

 

So, my question is if I visit a HTTPS website from my laptop, when the VPN sends the webpage to my phone, is the information encrypted with HTTPS the entire time such that my phone cannot read it? I don't trust my phone nor the netshare app to be clean of malware, so assuming that my phone (Huawei running Android 9) does indeed contains malware, could it read either my inbound and outbound information?

 

Diagram in case I wasn't making sense:

 

Website with HTTPS ------------(HTTPS encryption)-------------->VPN---------------(VPN encryption + HTTPS? does the VPN keep the original encryption?)------------->Phone(is the website still encrypted with HTTPS, and can the phone decrypt the HTTPS?)---------------->Laptop



Thanks.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
26 minutes ago, EggyRepublic said:

So, my question is if I visit a HTTPS website from my laptop, when the VPN sends the webpage to my phone, is the information encrypted with HTTPS the entire time such that my phone cannot read it?

 

In a proper setup, yes, the HTTPS traffic should be encrypted the entire time. I should be set up just as another network point in the chain when tethering off your device. It is possible to be a Man-in-the-Middle if the Phone itself starts the HTTPS connection, HOWEVER you would either see:

  • SSL Certificate warnings
  • All connections being converted to HTTP (which would no longer display the HTTPS symbol)
  • The hostname of the MITM device (e.g. facebook.com/photos would show up as HAUWEIDEVICE/photos
     

A MITM device does not have the original private encryption key so it is not possible for that device to re-encrypt the data as your laptop is expecting it without giving away that there;s an MITM connection.

 

26 minutes ago, EggyRepublic said:

I don't trust my phone nor the netshare app to be clean of malware, so assuming that my phone (Huawei running Android 9) does indeed contains malware, could it read either my inbound and outbound information?

 

Even with HTTPS, it is possible for malware or the app to read information. Most commonly is this can be done by capturing DNS requests (this is the service that converts the unusable url facebook.com into an IP address that your device can use). This specific easedropping doesn't give too much away other than what site your going to, however other apps can leak specific information depending on the app as not all apps will use encrypted connections for one reason or another. 

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programs, Apps and Websites

×