Is HTTPS over wifi still safe if a hacker can set up a rogue DHCP server?
I always heard that entering passwords or any sensitive information while using a public wifi spot is safe only when visiting an HTTPS website, ensuring that the URI and certificate are valid.
Many wifi spots in my country (France) are badly administered and I hardly doubt that they are configured correctly. I would suppose that it won't be difficult to set up a rogue DHCP.
Imagine that a hacker using the machine 192.168.1.50 sets up a rogue DHCP which specifies that the DNS server is located at 192.168.1.50. When I query the new DNS server for the IP of mail.google.com, instead of giving the real IP such as 172.217.18.133 googlemail.l.google.com, it gives the wrong one, 192.168.1.50 googlemail.l.google.com.
Since the hacker now controls any communication between the victim and the outside world, he could now reuse the real certificate issued by GeoTrust Global CA for mail.google.com domain when I access the HTTP server at 192.168.1.50. Since the certificate is linked to the domain name, but the domain name matches, the browser shouldn't be able to figure out that something is wrong.
I imagine that I'm missing something; otherwise, many wifi hotspots would be hacked this way and HTTPS over wifi won't be considered safe any longer.
What's wrong in my reasoning?
