Errata Security is reported to have caused quite a stir at the Black Hat security briefings in Las Vegas this week with a live demo of how two hacker utilities - Hamster and Ferret - can be used to monitor and then hijack a live public access (hotspot) WiFi session.
The hijacking appears to have been achieved by monitoring the entire data stream as it flows across the wireless connection, and then generating cloned copies of the cookies used by many sites to maintain a current session.
In a live demo, officials with Errata showed how it was possible to intercept and hijack a Google mail session.
Other sites susceptible to this type of attack include MySpace and Facebook. Geoff Sweeney, CTO of Tier-3, the behavioural analysis IT security firm, says that such developments in hacking are inevitable.
According to Sweeney, WiFi hotspot users need to be far more aware that their online sessions are insecure and use every IT security system available to them.
These systems, he says, include SSL (Secure Sockets Layer), two-factor authentication and behavioural analysis software.
"Only by using these security technologies can users be reasonably sure that their online sessions are not being intercepted. Of course, there's also the possibility of electronic eavesdropping, but that, as they say, is another story entirely," he said.
Electronic eavesdropping of WiFi hotspot sites? Now there's a thought...