No option available for 'never connect to this network'

Bug #1337433 reported by themusicgod1 on 2014-07-03
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Wishlist
Unassigned

Bug Description

Ran into a situation where a local company (Shaw) runs effectively a fake wifi hotspot that intercepts traffic to places like my online banking and redirects it to their servers. Thankfully firefox detected that something was amiss but when I looked in Network Connections icon on unity (if that's the right name for it?) ->Edit Connections->Select the connection "ShawOpen" -> hit the "Edit" button

I see a dialog with

[ ] Automatically Connect to this network when it is available
[ ] All users may connect to this network
[ ] Automatically connect to VPN when using this connection
etc

I would recommend that there be an additional checkbox put in here :
[ ] NEVER connect to this network, even if it is available

so that even when you know a wifi hotspot is hostile, you don't connect to it, even if you've connected to it in the past.

This to me is a security issue as, while ShawOpen is pretty benign, there may be instances where you know for a fact that the specific wireless network in question is harmful (perhaps, at a hacker conference like HOPEX ( http://x.hope.net/ ), or in case a "Flowers By Irene" van is parked outside of your house or something), and, despite it being an open network, you do not want to connect to it. Or perhaps even your neighbour's connection ( https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/118439 ). I see bug #118439 is closed, so perhaps it doesn't connect *automatically* anymore, but still, this seems to be a security-related feature that seems reasonable to put down as a wishlist item.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: network-manager 0.9.8.8-0ubuntu7
ProcVersionSignature: Ubuntu 3.13.0-29.53-generic 3.13.11.2
Uname: Linux 3.13.0-29-generic i686
NonfreeKernelModules: wl
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: i386
CurrentDesktop: Unity
Date: Thu Jul 3 12:40:13 2014
EcryptfsInUse: Yes
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2014-03-28 (97 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Beta i386 (20140326)
IpRoute:
 default via 192.168.1.1 dev wlan0 proto static
 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.101 metric 9
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=true
 WimaxEnabled=true
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-dev:
 DEVICE TYPE STATE DBUS-PATH
 eth0 802-3-ethernet unavailable /org/freedesktop/NetworkManager/Devices/1
 wlan0 802-11-wireless connected /org/freedesktop/NetworkManager/Devices/0
nmcli-nm:
 RUNNING VERSION STATE NET-ENABLED WIFI-HARDWARE WIFI WWAN-HARDWARE WWAN
 running 0.9.8.8 connected enabled enabled enabled enabled disabled

themusicgod1 (themusicgod1) wrote :
information type: Private Security → Public Security
Changed in network-manager (Ubuntu):
status: New → Confirmed
themusicgod1 (themusicgod1) wrote :

The UI is slightly different in 14.10 but the same principle seems to apply.

You can configure the network manager to connect to wireless networks only if they have a certain MAC address. So you only need to clone this address along your devices in the company, and nobody will connect to a fake network accidentally.

Changed in network-manager (Ubuntu):
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers