cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet Security - My Rude Awakening

Baldrick1
Moderator
Moderator
Posts: 12,423
Thanks: 5,595
Fixes: 430
Registered: ‎30-06-2016

Plusnet Security - My Rude Awakening

I have known for a long time that Plusnet do not use an encrypted link for connections to IMAP or POP3 email clients but have just had a light bulb moment regarding this shortcoming. Being bored I have had a play with Wireshark. This has brought home to me the implications of a third party getting access to my wireless network. This could be leaked by various ways, for example a quick look (or snap from a camera phone) at the rear of the router is all that's required.

Anyway, what I have suddenly realised is that if some-one can connect to your wireless network, every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account, every time emails are checked, in my case Outlook is set to do this every 30 minutes, your account user name and password is being transmitted in plain text for a snooper to pick up. This of course gives them full access to account details, telephone records, any security bolt settings, etc.

My solution is to change my wireless password from that on the router label and use my other secure non-Plusnet email account. I have forwarded any emails addressed to my Plusnet mailbox to the other account and deleted the Plusnet settings from my Email client.

I note that webmail can be accessed via a secure https link and hence is not exposed to this security flaw.

 

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

3 REPLIES 3
VileReynard
Hero
Posts: 12,616
Thanks: 579
Fixes: 20
Registered: ‎01-09-2007

Re: Plusnet Security - My Rude Awakening

It's not quite that bad - wifi is moderately well encrypted.

If you want proper end-to-end encryption I'd consider signing up at https://protonmail.com/signup - you can get a single email account for free without any adverts etc.

"In The Beginning Was The Word, And The Word Was Aardvark."

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Plusnet Security - My Rude Awakening

Were you running wireshark on the computer accessing the email, or on a different device?

It is possible to view such traffic from another device, but perhaps not quite as easy as you suggest.

MisterW
Superuser
Superuser
Posts: 16,317
Thanks: 6,260
Fixes: 448
Registered: ‎30-07-2007

Re: Plusnet Security - My Rude Awakening

every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account

That's only true for the default mailbox. You can mitigate the problem by using additional mailboxes instead with their own passwords.  When/if you need to access the default one, do it from webmail, that's what I do.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.