Plusnet Security - My Rude Awakening

I have known for a long time that Plusnet do not use an encrypted link for connections to IMAP or POP3 email clients but have just had a light bulb moment regarding this shortcoming. Being bored, I have had a play with Wireshark. This has brought home to me the implications of a third party getting access to my wireless network. This could be leaked in various ways, for example a quick look (or snap from a camera phone) at the rear of the router is all that's required.

Anyway, what I have suddenly realised is that if someone can connect to your wireless network, every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain text. As the same details are used to access your Plusnet Account, every time emails are checked, in my case Outlook is set to do this every 30 minutes, your account user name and password are being transmitted in plain text for a snooper to pick up. This of course gives them full access to account details, telephone records, any security bolt settings, etc.

My solution is to change my wireless password from that on the router label and use my other secure non-Plusnet email account. I have forwarded any emails addressed to my Plusnet mailbox to the other account and deleted the Plusnet settings from my Email client.

I note that webmail can be accessed via a secure https link and hence is not exposed to this security flaw.
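
An added example, not part of the original post: a Python check that a defender could run over the client side of a POP3 or IMAP session from their own mail client to flag login commands sent before any TLS upgrade (POP3 `STLS`, IMAP `STARTTLS`). The function name `find_cleartext_auth` and the transcripts are constructed for illustration, and the findings never include the credential values.

```python
import re

# Commands that carry, or begin, a credential exchange readable on the wire.
POP3_AUTH = re.compile(r"^(USER|PASS|AUTH\s+(?:PLAIN|LOGIN))\b", re.I)
IMAP_AUTH = re.compile(r"^\S+\s+(LOGIN|AUTHENTICATE\s+(?:PLAIN|LOGIN))\b", re.I)
# Commands that upgrade the connection to TLS.
POP3_TLS = re.compile(r"^STLS\s*$", re.I)
IMAP_TLS = re.compile(r"^\S+\s+STARTTLS\s*$", re.I)

PATTERNS = {"pop3": (POP3_AUTH, POP3_TLS), "imap": (IMAP_AUTH, IMAP_TLS)}


def find_cleartext_auth(protocol, client_lines):
    """Return (line_number, command) for each auth command sent before TLS.

    Only the command name is returned, never its arguments, so the
    findings can be logged without exposing the user name or password.
    """
    if protocol not in PATTERNS:
        raise ValueError("protocol must be 'pop3' or 'imap'")
    auth, tls = PATTERNS[protocol]
    findings = []
    for number, line in enumerate(client_lines, start=1):
        line = line.strip()
        if tls.match(line):
            break  # everything after the upgrade is encrypted on the wire
        match = auth.match(line)
        if match:
            findings.append((number, " ".join(match.group(1).upper().split())))
    return findings


# Constructed client-side transcripts (not real captures or real accounts).
POP3_PLAIN = ["CAPA", "USER exampleuser", "PASS example-password", "STAT", "QUIT"]
POP3_STLS = ["CAPA", "STLS"]  # later commands travel inside TLS and are not visible
IMAP_PLAIN = ["a1 CAPABILITY", "a2 LOGIN exampleuser example-password", "a3 LOGOUT"]

if __name__ == "__main__":
    for name, proto, lines in [("POP3 plain", "pop3", POP3_PLAIN),
                               ("POP3 with STLS", "pop3", POP3_STLS),
                               ("IMAP plain", "imap", IMAP_PLAIN)]:
        print(name, find_cleartext_auth(proto, lines))
```

An empty result for a session on port 110 or 143 means the client upgraded to TLS before logging in; any finding means the mailbox password crossed the local network unencrypted.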

 

Re: Plusnet Security - My Rude Awakening

It's not quite that bad - wifi is moderately well encrypted.

If you want proper end-to-end encryption I'd consider signing up at https://protonmail.com/signup - you can get a single email account for free without any adverts etc.

"In The Beginning Was The Word, And The Word Was Aardvark."

Re: Plusnet Security - My Rude Awakening

Were you running Wireshark on the computer accessing the email, or on a different device?

It is possible to view such traffic from another device, but perhaps not quite as easy as you suggest.

Re: Plusnet Security - My Rude Awakening

every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain text. As the same details are used to access your Plusnet Account

That's only true for the default mailbox. You can mitigate the problem by using additional mailboxes instead with their own passwords. When/if you need to access the default one, do it from webmail; that's what I do.