Members of Errata Security demonstrated the technology at the Black Hat hacker conference in Las Vegas. The devices reportedly allow an attacker to interactively monitor traffic flowing to and from public wi-fi hotspots through laptop computers, PDAs and smartphones. These tools make it much easier for a cyber criminal to steal banking account details, according to Robert Graham of Errata Security.
A malicious user can also use this technology to pinch unencrypted cookies used across wi-fi web sessions, which permits the hacker to take control of the user’s online session.
At the show, officials demonstrated the hijacking of a Google mail session, but said the hacker methodology could also be extended to other popular social networking sites such as Facebook and MySpace.
However, the tools created by Graham and named “Hamster” and “Ferret”, would not allow the hacker to change the user’s password. What’s more, people using encrypted email services, such as GMail, would be protected against such an attack.
“The evolution of wi-fi hacking is quite frightening,” said Geoff Sweeney, chief technology officer at Tier-3. “Public wi-fi users need to be far more aware that their online sessions are highly insecure. Laptop users need to employ every available security system available to them, which means turning to technologies such as SSL, two-factor authentication and behavioural analysis software as standard procedure. Only by using these security technologies can users be reasonably sure that their online sessions are not being intercepted.”
The Black Hat conference is held every year in the Nevada city, and is an event for security professionals around the world to come together and swap information about online threats and hacking.
Black Hat Conf: New tools found for wi-fi hacking
By Fiona Raisbeck on Aug 6, 2007 10:02AM