Wi-fi Hacking and Grabbing Your Cookies

Things just get worse and worse for mobile users who take advantage of cheap or free wireless hotspots. This attack involves the cookies that websites use to keep users’ information so they don’t have to log in every time they go there. Gmail is a great example, and the one they used to demonstrate how easy it really is.

Prior to the demonstration, which involved the live hijacking of a Google mail account (GMail), many sites were thought to be safe because they encrypted the data swapped back and forth when people log in.

However, Mr. Graham carried out his attack on the unencrypted cookies, tiny text files, many sites use to identify people that regularly return.

The tools created by Mr. Graham, called “Hamster” and “Ferret”, watch the traffic flowing in and out of public wi-fi hotspots and let attackers grab cookies as they are passed back to people logging in to their webmail or social network account.

Using the cookie, an attacker could pose as a victim and enjoy almost the same level of access to an account as its rightful owner.

Source: Warning of webmail wi-fi hijack

I will check out the tools myself and see how easy it is to do. I doubt they are available anywhere yet, but I have not searched for them. Hopefully, most sites that use cookies in this way will at least ask for a password should the hacker try to change your information, such as your password.

If you have a VPN for your work, you should definitely connect to it before using any wireless hotspot or any unsecured wireless network, as that will encrypt the data flowing over it and keep the hackers from being able to use it. When using Gmail, some extra protection can be had by starting at https://www.gmail.com, as that is a secure connection. I am not 100% sure if it will completely block the attack as of yet; opinions are definitely varied.
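A site owner can check for the weakness described above (encrypted login, but a cookie that still travels in the clear) by auditing the `Set-Cookie` headers the site returns. The following is an added example, not code from the original post or from Mr. Graham's tools; the header values and cookie names are constructed samples, and the function names are hypothetical.

```python
"""Audit Set-Cookie headers for cookies a browser would send over plain HTTP."""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(page_scheme, headers):
    """Return {cookie name: [findings]} for cookies exposed to network sniffing.

    page_scheme is the scheme of the response that set the cookies
    ("http" or "https"); headers is a list of (name, value) tuples.
    """
    findings = {}
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        issues = []
        if "secure" not in attrs:
            # Without Secure the browser attaches the cookie to http:// requests too.
            issues.append("no Secure attribute: sent unencrypted on any http:// request")
        if page_scheme != "https":
            issues.append("set over plain HTTP: readable on the network when issued")
        if issues:
            findings[name] = issues
    return findings


# Constructed sample: response headers from a login page served over HTTPS.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSION=constructed-opaque-id-1; Path=/; HttpOnly"),
    ("Set-Cookie", "AUTH=constructed-opaque-id-2; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
]

if __name__ == "__main__":
    for cookie, issues in audit_cookies("https", SAMPLE_HEADERS).items():
        for issue in issues:
            print(f"{cookie}: {issue}")
```

Any cookie reported here that identifies a logged-in session is the kind a listener on an open hotspot can capture; marking it `Secure` keeps the browser from sending it outside an encrypted connection.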