A demonstration of specialised WiFi hacker tools at a Black Hat briefing in Las Vegas has been called an inevitable evolution of hacking by Tier-3, the behavioural analysis IT security specialist.
At a meeting of Black Hat security experts, officials with Errata Security demonstrated a set of utilities - Hamster and Ferret - that reportedly allow a WiFi hacker to interactively monitor traffic flowing to and from public WiFi hotspot users' notebook PCs, PDAs and smartphones.
The utilities - coded by Errata - allowed the monitoring to extend to the unencrypted cookies used across WiFi Web sessions, meaning that a hacker can hijack and/or overlay the user's online session.
In the Black Hat demo, officials demonstrated the hijacking of a Google mail session, but the hacker methodology could also be extended to other popular social networking services such as Facebook and MySpace.
Geoff Sweeney, CTO of Tier-3, said, "The evolution of WiFi hacking was inevitable, but quite frightening. Public WiFi hotspot users need to be far more aware that their online sessions are highly insecure. More than anyone, notebook WiFi hotspot users need to employ every available security system available to them, which means turning to technologies such as SSL (Secure Sockets Layer), two-factor authentication and behavioural analysis software as standard procedure."
"Only by using these security technologies can users be reasonably sure that their online sessions are not being intercepted. Of course, there's also the possibility of electronic eavesdropping, but that, as they say, is another story entirely," he added.