Why do coffee shops not use WPA/WPA2? Would it solve many problems if they did?

Instead of continuing in the comments, I think I will just answer your real question, which I understand to be - why is using WPA/WPA2 Personal with a public SSID and Passphrase not more secure than having an open network, and why doesn't WPA/WPA2 Enterprise work in the coffee shop scenario.

If the passphrase was public (as it would be in this scenario) and WPA/WPA2 personal is in use, anybody who has the passphrase and SSID name can decrypt anybody else's wireless traffic, as long as they can capture the initial 4-way handshake for that client (which occurs when connecting to the network). If someone wants to decrypt someone's future traffic but did not monitor their client's initial 4-way handshake, they can simply force a new handshake between that client and the AP using a targeted deauthentication, at which point you would be able to capture the new 4-way handshake and decrypt all of their future traffic. Of course, if the client under attack were to use a VPN, SSH tunnel, TLS, or some other strong encryption mechanism over the wireless, that traffic would be protected to the extent that the mechanism that they chose allows.

The reason why their traffic can be decrypted is that WPA/WPA2 personal creates a pairwise master key from the passphrase and SSID used when logging in. The PMK is then used to create a Pairwise Transient Key and Groupwise Temporal key, where the PTK is unique per client and the GTK is shared for all currently connected clients (for broadcast traffic). This PTK can be derived from the PMK using information from the 4-way handshake (which is negotiated in plain text). Therefore, if you are able to sniff the 4-way handshake, you can get the information used to derive that client's PTK from the PMK that you already know because you know the passphrase and SSID (usually by doing PBKDF2(Passphrase, SSID, ssidlen, 4096, 256)).

WPA enterprise doesn't work well because everyone would need a way to authenticate, whether credentials (EAP-PEAP), certificate (EAP-TLS), or other (various other EAP modes), and this wouldn't support the coffee shop's goal of providing free wireless access to nearby individuals.


You're missing the bigger question: why?

  1. Encryption adds greatly to the coffee shop's cost. There are small one-time costs incurred when someone has to configure the access points, assign passwords, manage them, change them, post signs saying "this week's password is C0ffeebuck$" etc. There is an ongoing high payroll cost, too. Baristas are paid to make coffee, and are not paid to be network technical support, and yet they would be forced to spend their time answering tech support questions from frustrated customers instead of selling more coffee.

  2. It protects nothing that is of value to the coffee shop. This isn't the coffee shop's private network that allows access to their computers, registers, and corporate network. This is a separate network, isolated from their internal network. If they allow customers to connect to it, they cannot trust the traffic, regardless of whether it's been encrypted. If the shop considers "network access" to be of promotional value, it's already protected somewhat by the physical limitations of WiFi signal propagation, and the signal won't be usable to anyone more than about a hundred meters away. And once a customer has purchased their coffee and gained access, there is no mechanism inherent to WPA2 that takes that access away after they've finished their beverage. Could a shop afford to change passwords on an hourly or daily basis to prevent people from abusing their access? See #1 above.

  3. It doesn't offer significant protection to the customers. How would someone know they're connecting to Coffeebucks's real network? Because the network is named Coffeebucks? Encryption doesn't solve the problem of authenticating the access point if your computer doesn't have some other kind of trust relationship with it. Going back to costs, what would it cost a coffee shop to grant their customer computers authentication via RADIUS servers?

  4. Even if a customer could absolutely trust the connection to the access point, they are still on a segment that is shared with other customers, so they are essentially on the public side of the internet anyway. Nobody should trust sending unencrypted data to flow unprotected over the internet. Do you use http or https to do your banking from home? Why do you insist on https if you have WPA2? Because you need to protect your data over the entire trip, not just the single hop between your computer and your access point.


In my context, the asia-pacific region, it's about 50-50 between secured WPA/WPA2 and unsecured. If you have a look at wigle.net you could find out exactly, however it's a lot of work, because you'll have to do quite a bit of filtering etc for actual coffee shops and not just commercial or personal networks, but you'll get a good broad picture anyway.

For a hacker doing sniffing or Man in the middle attacks (MitM), the secured networks have a much larger obstacle - a password. This will make the sniffing less effective purely because the amount of people connected is reduced. So you will have fewer victims at any point in time that are actively pushing and pulling traffic through the network that can be sniffed. A silent network is a boring network for a sniffing attacker.

If the attacker asks for the password, or hacks it, they'll be able to sniff just as well as they could have with an open unsecured network. The key point here is that you can't sniff raw http unless you're in the network - at least with conventional hacking tools and hardware, which is the most likely way someone will be exploiting a coffee shop scenario.

put simply, secured vs unsecured is different for a packet sniffer only because of the password. The actual sniffing once the attacker is inside either network is practically identical.

However, attackers are likely to prefer unsecured networks purely because there's likely to be more targets connected. Unless of course, they have a particular target in mind. I would imagine someone behind a WPA-2 password would feel more comfortable visiting, communicating and transmitting content that's far more private or valuable. However if there's only three people on that network, and you're after credit cards or something, you're only going to get three cards. An open network in the middle of the city, has an endless amount of new customers who might make transactions or give away passwords over the air to other sites or apps.

Some cafe's do things like put in middleware, which is effectively a sniffing platform in most cases. They might whitelist/blacklist traffic, take logs, do dns redirects to landing pages... whatever they want, it's their network. Depending on how these are set up, they could prevent other random people doing sniffing attacks across the network by giving each user an isolated connections. However I've rarely seen these in the wild. The typical network is completely sniffable. You can check if you're on a sniffable network with any network analyzer app for your phone. If you see random IP's pop up, then you're not isolated and you and everyone else is vulnerable to a MitM attack.

The exceptions are users who are using encrypted channels, or are forcing https connections for their traffic. These are less sniffable. However while VPN's or things like Tor are relatively secure and commonplace protection against these attacks. https is not entirely safe either, an attack could use sslstrip to downgrade the requests to plain text http, issue their own certificates for some sites. Alternatively they could DOS all https traffic and force people to just give up using encrypted traffic, which would work on most sites except those that only support secured traffic like banks

things to secure yourself (not an exhaustive list)

  • use a private reputable VPN ($) or TOR (free).
  • if using email, use PGP or some other secure connection.
  • use SFTP or SSH not FTP if updating a website or moving files around.
  • never connect to a network without a strong password on your computer
  • have a firewall, intrusion detection and antivirus installed, most companies offer generous free periods on their full software. I think Norton give 30 days at the moment.
  • if possible, don't use your personal login when connecting, instead maybe boot of a live-cd or usb, this will minimise your exposure to network based attacks that want more than your sniffable web traffic - these attackers are after a persistent remote connection into your computer.

However the easiest and safest thing you could do without getting too technical, in all of these situations is to use your mobile phones 3G or 4G (not 2G) data cconnection via a cable NOT as a personal hotspot. This is because you're connecting to cell towers and not random untrusted wifi access points. Of course you could be intercepted through that too, the government have lots of fun with IMSI catchers - but these technologies are less common, not easily available to everyday hackers and are simply harder to conceal than the tech it takes to sniff a regular wifi network (a raspberry pi concealed in anything can do it) also an attacker can do this on any laptop, android and even on jailbroken iPhone's. Also if you see a wifi pineapple (google it), definitely avoid wifi! lol

play safe :)