Errata Security has created two tools called Hamster and Ferret that enable a WiFi hacker to sniff WiFi traffic and collect unencrypted cookies used across a WiFi session.
Errata officials demonstrated the programs hacking into Google’s Gmail at the Black Hat security conference in Las Vegas last week.
Hamster and Ferret enable a WiFi hacker to interactively monitor traffic flowing to and from public WiFi hotspot users’ notebooks, PDAs and smartphones. By grabbing unencrypted cookies, hackers could use the programs to hijack or overlay a user’s online session.
Security analysis outfit Tier-3 said WiFi sniffing was an inevitable evolution of hacking and could also be extended to other popular social networking services such as Facebook and MySpace.
Public WiFi hotspot users need to be far more aware that their online sessions are highly insecure, said Tier-3 CTO Geoff Sweeney. More than anyone, notebook WiFi hotspot users need to employ every security system available to them, which means turning to technologies such as SSL (Secure Sockets Layer), two-factor authentication and behavioral analysis software as standard procedure.