My traffic is not vulnerable, but my device might be.
When you connect to public WiFi, you also share it with others, and maybe someone on that network wants to test out their new hacker skills ?
Maybe not as much of a problem for phones, but that juicy developer laptop running unauthenticated MongoDB with a dump of the production database… yup, that now “mine”.
Ideally all those services should be listening on 127.0.0.1 / ::1, but everybody makes mistakes. Maybe the service comes preconfigured to listen on 0.0.0.0.
My traffic is not vulnerable, but my device might be.
When you connect to public WiFi, you also share it with others, and maybe someone on that network wants to test out their new hacker skills ?
Maybe not as much of a problem for phones, but that juicy developer laptop running unauthenticated MongoDB with a dump of the production database… yup, that now “mine”.
Ideally all those services should be listening on 127.0.0.1 / ::1, but everybody makes mistakes. Maybe the service comes preconfigured to listen on 0.0.0.0.