First off, let's say you connect to a public network with unsecured ports, no firewall, VPN, browsing through HTTP websites. Let's see what I can do.
2. There's more. If I have a laptop or a PC, I can use the msf metasploit and play with your device a little. I can push a malicious APK onto your device with a preinstalled keylogger or any virus that will attack your device. Using Kali Linux, we can create an APK with remote shell. Then it can be pushed over to your device where you'll install it.
3. While the hacker is inside of a victim's phone, he can basically do whatever he wants with it. Using meterpreter command webcam_list and webcam_snap, he'll retrieve the photos of you from the front camera.
Here's a quick list of what can hacker do while you're connected to a public unsecured network:
- Steal your passwords, personal informations
- View your IP&MAC Adress
- Inject a script to your website
- Redirect you to another website
- Change images on the website
- Intercept download
- Push a harmful APK to your phone
- Access the shell
- Take your photos, intercept webcameras
- Many more!
Now you're probably shocked and asking "how can I secure myself enough when connected to public networks?" The answer is pretty easy.
- Use the SSL and HTTPS protocol. Most websites like Facebook or Twitter have it already but be sure you have it all the time while you're ON because the hacker can redirect you using SSLStrip.
- Use VPN or Proxy servers. For complete security, install Orbot from Tor project. If you're rooted and have transparent proxying enabled, you're good to go. Download Orbot
- Turn off file sharing and enable Firewall.
- On Android, use WiFi Protector, this will notice you everytime there's an attacker on your network. If you're rooted, you can protect yourself from the attack.
- The MITM (Man-in-the-middle) attacks works by redirecting all the traffic through a "man in the middle", making all the traffic slower. If your net speed suddenly gets slower or even stops, there might be a hacker.
Hope these tips help, always remember the security is number one priority!