Webmail accounts hacked via WLAN
It has been recognised for some time now that it is a bad idea to check your emails through an unencrypted WLAN hotspot. If the information is unencrypted, an attacker can, for example, hijack the log-in information for webmail or POP3 accounts. However, this can be accomplished with even less effort, as demonstrated by Robert Graham of Errata Security at the Black Hat Conference. In order to hijack a Gmail account, for example, an attacker can simply read the connected victim’s cookies and use this information for logging in later. It is thus no longer necessary to find out the login name and password.
To steal the cookies Graham uses the Ferret tool, which was written specifically for this purpose and collects cookies among other things. The Hamster tool imports the cookies into the cookie jar in his own browser for subsequent email access. In addition, Ferret can also collect other types of information from the WLAN. A presentation (PowerPoint) given at the Black Hat Conference provides an overview.
Version 1.0 of Ferret can be downloaded from Errata’s pages. Hamster is due to be released on its pages in the near future. Only encrypted connections offer protection against intrusion at hotspots, so one should always use either the security features offered by appropriate client software or a secure service provider.