Can someone hack into phone via home Wi-Fi?

[Polestar]

Thank you all for the replies.

My friend was just surprised at seeing an innocent video he was watching play in his housemate's TV. I offered to ask here to try and put his mind at ease, which I think has worked.

Thank you all again.

 

[Páid]

It's all https nowadays. The most he could tell would be that the traffic was being sent to youtube.com he wouldn't be able to see which video was being requested.

The youtube url would be visible which is enough to know which video is being watched. All data between youtube and the mobile would be encrypted but he could watch the video just by copying the url.

 

[jimmij]

The youtube url would be visible which is enough to know which video is being watched.

With https, only the domain can be read everything else is encrypted so they can't understand anything beyond the .com or .ie or whatever the tld is.

It makes sense when you think about it.
All that needs to be left unencrypted is the address of the website you're visiting as that's all that's needed by intermediate switches to get your packets to there.

 

[Páid]

Interesting, I didn't realise that. The browser or app must request the SSL cert before sending the full url.

 

[jimmij]

Interesting, I didn't realise that. The browser or app must request the SSL cert before sending the full url.

Yes https://www.okta.com/identity-101/ssl-handshake/