Cybersecurity

Is HTTPS Really Secure? Can it Be Intercepted?

by Carson
written by Carson 630 views
Is HTTPS secure?

Nowadays, many websites use HTTPS (Hypertext Transfer Protocol Secure), including every website we link. In fact, about 80% of websites use this protocol in 20191(University of Michigan News, 2019), and the figure increases every year. Moreover, according to the latest data on Google Transparency Report (November 29, 2020), they ensure their sites and services utilize the most updated HTTPS by default, and 95% of traffic across their products are encrypted.2 (Google Transparency Report, n.d.)

But, there are still some security concerns about them because there are still some methods to intercept an HTTPS connection. So, that brings us the question, “Is HTTPS really secure? Can it be intercepted?

Why Choose HTTPS instead of HTTP?

How is HTTP different from its secure brother? Well, the only thing added to the alternate protocol is an SSL or TLS certificate. Then, how does this mechanism work?

Firstly, it utilizes a public key and a private key that transforms human-readable code into a pseudo-random document that anyone without the certificate’s algorithm can’t decrypt. That enhances the HTTPS website’s security by authenticating the target of the request and avoiding the traffic from redirecting to something else.

Our website’s SSL certificate
Screenshot is taken from Google Chrome.
Google Chrome's HTTPS certificate check, meaning that the connection is secure.
Chrome’s “Lock” indicating that the site uses HTTPS

SEO Issues

Also, not using HTTPS can decrease SEO. In 2014, Google announced that HTTPS is a ranking factor of their SERPs (Search Engine Result Page) because they aim for security.5(Zineb Ait Bahijji, Gary Illyes, 2014). Remember the simple text format before? Well, if users enter sensitive information like passwords and credit card numbers, attackers can quickly steal your data from pretending to be the host server. Moreover, browsers are getting smarter, and they can even block a connection with a warning screen.

Google Chrome’s warning page because a website only uses HTTP

Have you ever wondered that adding TLS can slow down the connection or not? According to httpvshttps.com, HTTPS is significantly faster than HTTP. If you think the results are too inaccurate, it only slows down the connection by a few hundred milliseconds (mostly by an additional 301 redirection), which doesn’t outweigh the certificate’s security layer.

How is HTTPS faster than HTTP according to httpvshttps.com, possibly because of continuous updates of the secure protocol

HTTPS Does Not Mean the Site Is Secure

Is HTTPS an indication that a site is secure? Although almost all reliable site uses that, it’s not necessarily a clue. In reality, about 75% of all phishing sites use HTTPS, according to data in June 2020.6 (Elliot Volkman, 2020). The lock solely says that the CONNECTION is secure, not the website. Because of that, man-in-the-middle attacks are prevented, if not increased in complexity. But, web browsers are now smart enough to recognize sites with malicious activity.

How does HTTPS security work?
How does HTTPS encrypt the files on the Internet and effectively avoid man-in-the-middle (MITM) attacks
Image Credit: Canva

So, noticing the lock doesn’t mean you don’t need to concern about inserting sensitive information. Although the connection is private, hackers can deliberately prevent security experts from blocking the connection.

Although the encryption and authentication is made, some foreign devices can still pretend to be the intended recipient, intercept the connection, and steal the message. In fact, quite a substantial amount of traffic on HTTPS are intercepted, although it sounds secure. (Cloudflare Blog, 2017). Sometimes, the interceptor redirects you to an undesired webpage or even bring you to a site that installs malware automatically. However, with modern browsers, invalid SSLs is rated as “Not Secure”. The only method to break that is to hack into the OS, change the default certificate, or copy the TLS from an authoritative website.

Don’t Ignore the Security Tips

According to a Google Chrome Help article, we should “be careful when sharing private information”, even when you’re confident that the site utilizes HTTPS.7 For example, you could mistype the URL and find yourself in a similar, if not identical, interface. Attackers may infringe copyright laws and copy source code from famous websites. They might even delve into the browser and modify the address bar’s preferences to show the correct address while contacting the wrong one.

Download things from official websites or well-known organizations if possible. Protect your password. Keep everything up-to-date. Install antivirus programs, and don’t visit suspicious websites.9 (Carson, 2020). Moreover, find your sources from “.edu” or “.gov” sites, or other famous ones such as “unicef.org”, “google.com”, “apple.com”, or some academic websites, whenever possible. Keep in mind that the information source is entirely advertising a product. They may provide unreliable statistics to entice buyers.

Conclusion

Here, we explained HTTPS security, the SEO benefits, and safety tips when using the web. Always keep in mind that although the secure protocol is reliable, many harmful websites use that. So, don’t just rely on the lock to judge whether the site is safe or not, and maintain your safety online!

References and Credits

  1. (2019, November 13). How Let’s Encrypt doubled the internet’s percentage of secure websites in four years | University of Michigan News. Retrieved December 18, 2020, from https://news.umich.edu/how-lets-encrypt-doubled-the-internets-percentage-of-secure-websites-in-four-years/
  2. (n.d.). Encryption makes the web more secure – Google Transparency Report. Retrieved December 18, 2020, from https://transparencyreport.google.com/https
  3. (n.d.). Why is HTTP not secure? | HTTP vs. HTTPS | Cloudflare. Retrieved December 18, 2020, from https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/
  4. (n.d.). How Does SSL Work? | SSL Certificates and TLS | Cloudflare. Retrieved December 18, 2020, from https://www.cloudflare.com/learning/ssl/how-does-ssl-work/
  5. Zineb Ait Bahajji, Gary Illyes. (2014, August 7). HTTPS as a ranking signal | Google Search Central Blog. Retrieved December 18, 2020, from https://developers.google.com/search/blog/2014/08/https-as-ranking-signal
  6. Elliot Volkman. (2020, June 16). Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites – Security Boulevard. Retrieved December 18, 2020, from https://securityboulevard.com/2020/06/abuse-of-https-on-nearly-three-fourths-of-all-phishing-sites/
  7. (n.d.). Check if a site’s connection is secure – Google Chrome Help. Retrieved December 18, 2020, from https://support.google.com/chrome/answer/95617?hl=en
  8. Guest Author. (2017, September 12). Understanding the prevalence of web traffic interception. Retrieved December 18, 2020, from https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
  9. Carson. (2020, December 4). What to do if your computer is hacked? – Central Galaxy. Retrieved December 18, 2020, from https://www.centralgalaxy.com/what-to-do-if-your-computer-is-hacked/

Image Credits: Canva, Google Chrome, httpvshttps.com

Related Posts

9 Types of Malware That You Must Know

How Does Hashing Work?

10 Ways to Protect Your Online Footprint

How to Set Up File Permissions Properly?

What is a Cross-site Request Forgery Attack?

How Does an Antivirus Work?

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

* By using this form you agree with the storage and handling of your data by this website.