Date: Wednesday, August 8, 2007

Is wi-fi as safe as people think?

Recent evidence has shown that hackers can access our email and social networking accounts through stealing our information saving ‘cookies’ when we log in.

Experts at the annual Black Hat hacker conference demonstrated the use of specially-developed tools that allow hijackers to steal users’ log in data over wi-fi connections. It was previously believed that information passed over wi-fi connections was safe as it was encrypted, but the demonstrators security firm, Errata Security, showed that hijackers can steal the information using the unencrypted ‘cookies’. The live attack was demonstrated by Errata in front of the hacker conference in Las Vegas, which is held every year for security experts across the country to come and share new developments in internet security. The tools used in the attacks observe the traffic going in and out of public wi-fi hotspots, and give hijackers the opportunity to take hold of the information carrying cookies as they are carried to the users logging in to their email or social network account.

The experts said that once hackers had intercepted the cookie they could then gain access to the user’s email and social networking pages such as Facebook and MySpace, with virtually the same level of access afforded to the genuine user. The only thing they could not do would be to change any information, as most websites require people to re-enter their password before making any changes. This new information may make users more wary about using public wi-fi hotspots, although Errata did say that some mail providers such as Gmail let users encrypt all the data they create as they use their email. Errata carried out the attack using the tools they had developed called ‘Ferret’ and ‘Hamster’, and said that they would be making these tools publicly available to everyone via their website.

Source: BBC News