New hacking tool makes WiFi hotspots unsafe

By danwarne, November 1 2010

If you're using the wireless network at an airport lounge, cafe, hotel or other public access hotspot, your email account is only a few clicks away from being exposed.

The new tool, named "Firesheep", is a free add-on for the Firefox browser which can capture the login details of anyone on the same network regardless of what browser they're using or even what device they're using – from a Windows or Mac laptop to an iPad or smartphone.

That data is stored in a 'cookie' which your computer downloads once you have logged into a website and which allows the website to continue recognising that you are still logged in. The Firesheep tool allows other people to intercept this cookie – and the username, password and other account details – and then use your account on the website.

While the tool doesn't allow anyone to hack into a home WiFi network that has password protection, it poses a huge threat to anyone using public WiFi hotspots in airports, coffee shops, hotel lobbies and even the in-room wired networks in hotels.

Fortunately, websites that use a secure connection and show 'https' at the beginning of the web address for all pages on the site – such as Gmail, or online banking sites – are protected from the hack.

However, many sites (including Amazon, Hotmail, Yahoo Mail, eBay and thousands of others) use a secure connection only during the initial log-in process rather than for all pages of the site, making them prime targets for the Firesheep tool.

Sites that don't use a secure connection at all, like Facebook, are now completely vulnerable to having logins stolen.
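For site operators, the gap described above can be checked from the response headers of the login page. The following is an added example, not part of the original article or of any tool it mentions: it takes the Set-Cookie headers from an HTTPS login and the pages visited afterwards, and reports which cookies a browser would still send over unencrypted HTTP. The host name, cookie names and values are constructed, and all URLs are assumed to be on the same host.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers returned by an HTTPS login page.
SAMPLE_SET_COOKIE = [
    "session=constructed-session-value; Path=/; HttpOnly",
    "auth=constructed-auth-value; Path=/; Secure; HttpOnly",
    "prefs=constructed-prefs-value; Path=/account",
]
# Constructed sample: pages the logged-in user visits next on the same host.
SAMPLE_URLS = [
    "http://shop.example/cart",
    "https://shop.example/checkout",
    "http://shop.example/account/orders",
]

def path_matches(request_path, cookie_path):
    """RFC 6265 path-match: is cookie_path a directory prefix of request_path?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def exposed_cookies(set_cookie_headers, later_urls):
    """Map each cookie name to the plain-HTTP URLs a browser would send it to."""
    jar = {}
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = (bool(morsel["secure"]), morsel["path"] or "/")
    exposed = {}
    for url in later_urls:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue  # HTTPS requests are encrypted on the wire
        for name, (secure, cookie_path) in jar.items():
            # A cookie marked Secure is never attached to an http:// request.
            if not secure and path_matches(parts.path or "/", cookie_path):
                exposed.setdefault(name, []).append(url)
    return exposed

if __name__ == "__main__":
    for name, urls in exposed_cookies(SAMPLE_SET_COOKIE, SAMPLE_URLS).items():
        print(f"{name}: sent unencrypted to {urls}")
```

Any cookie that appears in the result is readable by others on the same open network; serving every page over https and marking login cookies Secure empties the list.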

There's not only the risk of people ordering goods under your account on eBay or Amazon, but the risk that people might log in to your Facebook account, gather personal details about you (that are restricted from public view due to your privacy settings) and then use them months later to set up new credit cards or loans in your name.

There are some quick ways you can protect yourself -- the most obvious of which is not to use public WiFi hotspots. You can safely use USB 3G mobile broadband modems, as mobile networks are not affected by this problem.

However, if you do want to use WiFi hotspots or in-room hotel internet, you should subscribe to a "virtual private network" (VPN) service, which encrypts all data coming between your computer and the VPN service provider at the other end. This costs around $US60 per year. We'll publish tutorials soon on how to use VPN services.
