WiFi Insecurity: Gmail Cracking 101

Humphrey Cheung writes about Errata Security president Robert Graham’s point-and-click demonstration at Black Hat USA. Graham used a sniffer and ran Ferret to copy cookies captured over the conference Wi-Fi. He then cloned the cookies into his own browser and showed how easy the attack is by bringing up someone else’s Gmail account in his browser. (He also used the hijacked account to send a message to Cheung.)

Since the attack relies on sniffing traffic, using SSL or some type of encryption (like a VPN tunnel) would stop Graham in his tracks. However, many people browsing at public wireless hotspots don’t use such protections.
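From the defender's side, the same point can be checked per cookie: a session cookie is readable on the wire if it is set over plain HTTP, or if it lacks the standard `Secure` attribute and so gets attached to any later http:// request. The audit below is an added example, not part of the original post or of Graham's demo; the function names, host names and cookie values are made up for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = header.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val  # flag attributes (Secure, HttpOnly) get ""
    return name, value, attrs

def sniffable_cookies(url, set_cookie_headers):
    """Return {cookie name: reason} for cookies a passive sniffer could read."""
    over_tls = urlsplit(url).scheme == "https"
    findings = {}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if not over_tls:
            # The response itself crossed the network unencrypted.
            findings[name] = "set over plain HTTP"
        elif "secure" not in attrs:
            # Set over TLS, but the browser will still send it in cleartext.
            findings[name] = "no Secure attribute; sent on any http:// request"
    return findings

# Constructed sample responses (hypothetical host, made-up cookie values).
SAMPLE = [
    ("http://mail.example.test/inbox", ["SESSION=abc123; Path=/"]),
    ("https://mail.example.test/login", ["SESSION=abc123; Path=/; HttpOnly"]),
    ("https://mail.example.test/login", ["SESSION=abc123; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLE:
        print(url, sniffable_cookies(url, headers) or "ok")
```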

“You’re an idiot if you use T-Mobile hotspot,” said Graham.
