Gmail Easily Hacked on Unencrypted Wireless but Fix is Simple
Hearing that unencrypted WiFi is unsecure is not news, what is interesting is how easily Web app sessions can be hijacked on these network. There is a nice description by Humphrey Cheung at TGDaily of a man in the middle attack by Robert Graham, the CEO of errata security. Graham hijacked a GMail session of a volunteer and showed how easily he could grab cookies and IP addresses and commandeer a session.
Here is Cheung's description followed by a simple solution that'll work even on unencrypted networks:
The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion - with a home-grown tool called Hamster.The attack can hijack sessions in almost any cookie-based web application and Graham has tested it successfully against popular webmail programs like Google’s Gmail, Microsoft’s Hotmail and Yahoo Mail. He stressed that since the program just uses cookies, he only needs an IP address and usernames and passwords aren’t required.
Now the solution is not too surprising: force SSL on the entire session, not just during authentication. Using https://mail.google.com/mail/ instead of the http equivalent will do the trick.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
