Main Image

Home  >>  Consumer Articles

Date: Wednesday, August 8, 2007

Wi-fi hijack warning

At a recent security conference internet users were warned against the threat of attackers in wi-fi hotspots.

Security firm, Errata Security has presented its findings to the annual Black Hat hacker conference in Las Vegas, that hijackers are able to steal users’ information in wi-fi hotspots. They explained that hackers could do this by using specially developed tools which monitor traffic going in and out of wi-fi hotspots, and can then steal the information carrying ‘cookies’ that pass back and forth when users log in. With these cookies they can then access the webmail and social networking sites to almost the same extent as the person whose information they have stolen. Previously it was thought that people using wi-fi hotspots were protected by the encryption of their data when they log in. However, Errata has proven that hackers can use the unencrypted data stored in the cookies to access people’s information in sites such as Gmail and social networking sites such as Facebook and MySpace.

The demonstration of the information stealing tools ‘Hamster’ and ‘Ferret’ by Errata, which performed a live hijack, took place in front of the conference which is held every year for security experts to meet and share new developments on the internet security scene. Errata said that they would make the attack tools widely available to download on their website. The guards against the hackers are that most websites do not allow users to make changes to their details without re-entering their password, so hackers would not be allowed to make any changes to their victim’s online information. The other protection available is that some mail providers such as Gmail do allow their users to encrypt all their information as they use their email. These measures should help users, but people using wi-fi hotspots are still being warned to be careful.

Source:

BBC News

<< Back

This article is the intellectual property of Pan European Consulting Limited and any unauthorised reprinting or publishing on other websites is an infringement of copyright.