A new program allows even a relative novice to turn hacker, stealing access to social networks and other unsecured login credentials via open wireless networks. Already, the application which was only launched a few days ago has had a half million downloads. Which means that your next login while innocently surfing at a hotspot in an airport lounge, your local library or coffee shop might be the one that allows your account to be hacked. And for a potential cyberbully: imagine sitting at the local highschool gathering up session cookies as each teen logs into their social network, their blog, their photo sharing site. At will the hacker or cyberbully could use this application, called Firesheep, to assume your online identity and abuse your account any way they want: change a password, upload a photo, write a blog entry, order items via online shopping, etc.
Q: What is Firesheep?
A: Firesheep is a free add-on application created for the Firefox browser (but in no way affiliated with them) that wraps a friendly interface around a hacker’s tool. The application allows a hack called “sidejacking.”
Q: What is sidejacking?
A: Sidejacking is a method of intercepting a login credential for a site or service that doesn’t always require SSL (a security feature that provides encryption). A site that uses SSL just when you login isn’t sufficient. This threat is not new but this application makes it very easy for anyone to use.
Q: Would my internet security software detect the intrusion?
A: No, because the hack isn’t happening on your computer; it’s happening mid-wireless transit, actually in “mid air.”
Q: If I login via my smart phone is this still a risk?
A: As long as you use the phone’s connection and not the open wireless network, you are not at risk from casual attackers. Any mobile device such as an iPad would have the same risk as your laptop if it were using the open wireless network and the hacker had this tool. Turn off any features that automatically log your device to available networks when in range.
Q: Does this mean I can’t ever use wireless networks again?
A: No, but it should remind you of the importance of being on a secured network. One that uses WPA security (or greater) to encrypt the information moving through the air back to the router. Or rely upon your virtual private network, either one provided by your employer or one you’ve acquired for your own use. If you don’t have a VPN and the site doesn’t always use SSL when you are logged in, delay the activity until you are in a secured environment.
Q: Could I use Firesheep to get access to my teen’s social network?
A: Most likely you could. But the use of this application could possibly be considered a form of wire-tapping and therefore illegal, though this is still the minority opinion. The legal experts consider the information leaving our laptops in an open wireless environment to be similar to the information displayed on our screens – if we fail to protect it from spying, it’s our own fault. And at Norton, we don’t recommend ever spying on your child’s online activities unless you suspect your child is in danger or at risk for self-harm. Rather, speak openly with your child about any concerns you have about their use of social networking or other online activities and use free Norton Online Family to filter, monitor and report.
Q: How should I protect my logins and those of my children?
A: Make sure the network at your house uses WPA or higher security settings and that everyone logs in via a password to use the network. Remind your children of the importance of protecting their online lives and never to share passwords or other login information as a general rule. And if they suspect someone in that coffee shop or at school stole their access information, change the passwords and check the registered emails on the account for signs of tampering.